[Opendnssec-develop] Zone moving between operators

Ray.Bellis at nominet.org.uk Ray.Bellis at nominet.org.uk
Thu Mar 26 06:36:25 UTC 2009


> Hmm, that means an extra thing to think about as a registry to 
> implement DNSSEC: Upgrade your systems to be able handle 10M 
> transactions you normally do in a year to appear in 1 second. I 
> think our management will say no to DNSSEC.
> 
> It is my business as a parent if I need to verify the trust anchor 
> I'm providing to my children.
> You can have as many keys in your zone as you want, but if you want 
> me to update your DS in my zone, you better not send them to me all at 
once.

OK, serious question, since I really don't know the answer, but the answer 
would affect how ISPs would operate their own signing systems:

How many key-pairs can a typical HSM manage?

Ray
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090325/6477fcd0/attachment.htm>


More information about the Opendnssec-develop mailing list