[Opendnssec-develop] KSK Rollovers
Jelte Jansen
jelte at NLnetLabs.nl
Thu Jul 2 20:03:57 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jakob Schlyter wrote:
>
>> c) Does the signer create the DS record in a way that it can be easily
>> found?
>
> at the last meeting in Amsterdam we decided that the signer should not
> save the DS records in any file - the user can use drill or similar to
> get data needed to send to the parent.
>
btw, could there be an operational policy where administrators might want to
have the DS record for a key that is not yet in a zone (i.e. before it is even
pre-published)?
btw2. if we ever generate the DS automatically we will need a configuration
option about what type of DS to produce
Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkpNEq0ACgkQ4nZCKsdOncVNBwCfQI+B6C54Kd6cskn2bK1AUQLT
9LoAn1C6D+kyby1vicFFSUKZ1Fwpbryc
=DRbY
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list