[Opendnssec-develop] KSK vs ZSK
jakob at kirei.se
Thu Mar 5 13:54:40 UTC 2009
this not about GUI, just internal API semantics...
Sent from my iPhone, hence this mail might be briefer than normal.
On 5 mar 2009, at 14.48, Rick van Rein <rick at openfortress.nl> wrote:
>> For the sake of OpenDNSSEC, perhaps we should add an attribute to
>> called 'sign-what' or something, that can have the following values:
>> - sign nothing
>> - sign all
>> - sign all but keyset
>> - sign only keyset.
>> Makes sense?
> I wonder if this isn't cluttering the user interface with details that
> are of no significant consequence. The choice is non-deterministic,
> as far as I can tell. That means you are free to choose what you
> prefer, and the accepting side ought to be liberal in what it accepts.
> Keep in mind that OpenDNSSEC is supposed to be "plug and play", so it
> makes no sense to me to add GUI frills for unimportant choices that
> need a lot of explanation!
More information about the Opendnssec-develop