[Opendnssec-develop] Zone moving between operators

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Mar 23 18:54:39 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I had a talk with Antoin Verschuren and have the feeling that moving
zones between operators is underspecified in the opendnssec project. The
issue was raised earlier by Rick.

Questions that were raised are:

* What to do when a zone moves from one operator to another.
* What to do when the HSM is replaced
* Should we really want to use the same key for multiple zones? It could
have great impact if it became compromised. And does KASP has the logic
if a key for zone A needs to be rollovered, but must be kept for other
zones.

This is clearly v2 material, but since it was suggested that we could
discuss v2 in the upcoming meeting, I think it is worth to include this
topic. I have taken the liberty to invite Antoin for wednesday to
discuss the issues.

Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBScfa7w8yVCPsQCW5AQJasAgA0XBEYAm8b/yzNkh+UcIUf1iawR1LMULH
NeNXoRywHUqyVUFUEnP+7wazXtxro7BhD4JS45dKrCAeIx8EGwHhMQWQWXGLOxFi
FVkhbxGtiLVKRju7KltpIio+U2DutlFcBgfPiha3zg+hcEvbyvsilGHzSOi+ch3m
UPdy0DfGBOpz+CfU+ADHezGIWuJ9gp4LWXo3p/38xdAsLEKRsRYdwdGBMPUnOOeo
/AFmkqSQp4v+704FeHDTVPucUYHhfPFteGGDZGplplOa3C7qcYGJoFwQ0GiAC+B8
gS1cLOULfv3dgOMYPKVaz02u9GEXODGViWnSpeigCfsWb36nnBO0Yw==
=CDK4
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list