[Opendnssec-develop] Zone moving between operators
Ray.Bellis at nominet.org.uk
Ray.Bellis at nominet.org.uk
Thu Mar 26 06:36:25 UTC 2009
> Hmm, that means an extra thing to think about as a registry to
> implement DNSSEC: Upgrade your systems to be able handle 10M
> transactions you normally do in a year to appear in 1 second. I
> think our management will say no to DNSSEC.
>
> It is my business as a parent if I need to verify the trust anchor
> I'm providing to my children.
> You can have as many keys in your zone as you want, but if you want
> me to update your DS in my zone, you better not send them to me all at
once.
OK, serious question, since I really don't know the answer, but the answer
would affect how ISPs would operate their own signing systems:
How many key-pairs can a typical HSM manage?
Ray
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090325/6477fcd0/attachment.htm>
More information about the Opendnssec-develop
mailing list