[Opendnssec-develop] Zone moving between operators
Rick van Rein
rick at openfortress.nl
Wed Mar 25 09:01:12 UTC 2009
Hi,
> However, this is no issue if we decide one key should not span multiple
> zones.
This should neither be the default, nor should it be forbidden.
The administrator should be enabled to choose, based on the capacity
of the HSM in use (which may be a small USB key, remember).
If you forbid it, you disable that cheap range of PKCS #11 devices.
If you make it the default, you would not use the full power of a full HSM.
-Rick
More information about the Opendnssec-develop
mailing list