[Opendnssec-develop] KSK Rollovers

Jelte Jansen jelte at NLnetLabs.nl
Thu Jul 2 20:03:57 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jakob Schlyter wrote:
> 
>> c) Does the signer create the DS record in a way that it can be easily
>> found?
> 
> at the last meeting in Amsterdam we decided that the signer should not
> save the DS records in any file - the user can use drill or similar to
> get data needed to send to the parent.
> 

btw, could there be an operational policy where administrators might want to
have the DS record for a key that is not yet in a zone (i.e. before it is even
pre-published)?

btw2. if we ever generate the DS automatically we will need a configuration
option about what type of DS to produce

Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpNEq0ACgkQ4nZCKsdOncVNBwCfQI+B6C54Kd6cskn2bK1AUQLT
9LoAn1C6D+kyby1vicFFSUKZ1Fwpbryc
=DRbY
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list