[Opendnssec-develop] Zone moving between operators
matthijs at NLnetLabs.nl
Mon Mar 23 18:54:39 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
I had a talk with Antoin Verschuren and have the feeling that moving
zones between operators is underspecified in the opendnssec project. The
issue was raised earlier by Rick.
Questions that were raised are:
* What to do when a zone moves from one operator to another.
* What to do when the HSM is replaced
* Should we really want to use the same key for multiple zones? It could
have great impact if it became compromised. And does KASP has the logic
if a key for zone A needs to be rollovered, but must be kept for other
This is clearly v2 material, but since it was suggested that we could
discuss v2 in the upcoming meeting, I think it is worth to include this
topic. I have taken the liberty to invite Antoin for wednesday to
discuss the issues.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop