[Opendnssec-develop] Zone moving between operators
roy at nominet.org.uk
roy at nominet.org.uk
Wed Mar 25 09:11:27 UTC 2009
Rick van Rein wrote on 03/25/2009 10:01:12 AM:
> Hi,
>
> > However, this is no issue if we decide one key should not span multiple
> > zones.
>
> This should neither be the default, nor should it be forbidden.
> The administrator should be enabled to choose, based on the capacity
> of the HSM in use (which may be a small USB key, remember).
>
> If you forbid it, you disable that cheap range of PKCS #11 devices.
>
> If you make it the default, you would not use the full power of a full
HSM.
I agree.
The software should allow for several schemes, without dictating any
policy.
Regards,
Roy Arends
Sr. Researcher
Nominet UK
More information about the Opendnssec-develop
mailing list