[Opendnssec-develop] interface between enforcer and signer
Jakob Schlyter
jakob at kirei.se
Wed Feb 25 09:18:21 UTC 2009
On 24 feb 2009, at 12.13, Rick van Rein wrote:
> There's double information in this setup:
> 1. <ksk/> versus <zsk/>
> 2. <flags/> bit 0
no, the flag indicates if a key is a Secure Entry Point, not if it is
used to sign the DNSKEY RRset (which a KSK does).
> I would not be surprised if we'll need <timestamp/> for more than
> one thing; perhaps adding a parameter could help. Just a thought.
> It would certainly give a somewhat stronger suggestion as to its
> semantics.
yes, I'll look into this.
jakob
More information about the Opendnssec-develop
mailing list