[Opendnssec-develop] draft of document describing the enforcer
Rickard Bondesson
rickard.bondesson at iis.se
Mon Feb 23 15:12:33 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> Thoughts?
9.2 KASP TABLE
* First "ZSK | ZSK key size" in the table should be "KSK | KSK key size".
* The policy for key creation: "0=fill the hsm", is this a good option? Thinking that this will exhaust the memory and harddisk space for SoftHSM. Or is this linked to "capacity" under 10.8?
10.7
* Does this assumption make it unpossible to have any DNSSEC signatures / keys in the incomming zone?
*.*
* Missing information about emergency key rollovers
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSaK84eCjgaNTdVjaAQgy+wf6AnbXSVyWaVEXdPp53C/YqZuQBq0HjWpT
/en+RpajOVhBsVmiideWwuBcnjsGWs0rGPQG1gWxxYzFfc6JW/QLv529KsMDTKC6
UmhqUEGXQ0v6hJaSJSNETL+sRhayrEz6uJ88AN/+eb+012SPSc2FzWpc67h2EheM
pw6YpJ/rnXCqDqAImbqGsPEQNhEaHjpbd2JOQHFUctgqUgVOYZhDFHV/pICX3xbe
ZQPE0zRE6VWBXasAY24J35NLPGxRAtFSE2eTGmEzn3oiKCR+IiwvpS5sOyiJUQ/M
zMW2pI0Xvia0hdgCmO2Li6sVZPZ4XljO3wggMUQM/ZISx6nmy6F0/Q==
=jG1J
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list