[Opendnssec-develop] KSK vs ZSK

Jakob Schlyter jakob at kirei.se
Thu Mar 5 13:54:40 UTC 2009

this not about GUI, just internal API semantics...

Sent from my iPhone, hence this mail might be briefer than normal.

On 5 mar 2009, at 14.48, Rick van Rein <rick at openfortress.nl> wrote:

> Hello,
>> For the sake of OpenDNSSEC, perhaps we should add an attribute to  
>> keys
>> called 'sign-what' or something, that can have the following values:
>> - sign nothing
>> - sign all
>> - sign all but keyset
>> - sign only keyset.
>> Makes sense?
> I wonder if this isn't cluttering the user interface with details that
> are of no significant consequence.  The choice is non-deterministic,
> as far as I can tell.  That means you are free to choose what you
> prefer, and the accepting side ought to be liberal in what it accepts.
> Keep in mind that OpenDNSSEC is supposed to be "plug and play", so it
> makes no sense to me to add GUI frills for unimportant choices that
> need a lot of explanation!
> Cheerio,
> -Rickio

More information about the Opendnssec-develop mailing list