[Opendnssec-develop] interface between enforcer and signer

Jakob Schlyter jakob at kirei.se
Wed Feb 25 09:18:21 UTC 2009

On 24 feb 2009, at 12.13, Rick van Rein wrote:

> There's double information in this setup:
> 1. <ksk/> versus <zsk/>
> 2. <flags/> bit 0

no, the flag indicates if a key is a Secure Entry Point, not if it is  
used to sign the DNSKEY RRset (which a KSK does).

> I would not be surprised if we'll need <timestamp/> for more than
> one thing; perhaps adding a parameter could help.  Just a thought.
> It would certainly give a somewhat stronger suggestion as to its
> semantics.

yes, I'll look into this.


More information about the Opendnssec-develop mailing list