[Opendnssec-develop] Standby key issue
Alexd at nominet.org.uk
Alexd at nominet.org.uk
Mon Oct 26 15:32:57 UTC 2009
Hi -
In my kasp.xml, I have :
<KSK>
<Algorithm length="2048">5</Algorithm>
<Lifetime>PT40M</Lifetime>
<Repository>softHSM</Repository>
<Standby>1</Standby>
</KSK>
This means there should always be one prepublished KSK.
In the resultant zone file, there is only one KSK, which is used to sign
the zone. So, the auditor is complaining that there should be an
additional prepublished KSK (1 Standby).
Is the auditor right? If so, which component should this story be aimed
at?
Thanks,
Alex.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20091026/57ba9f63/attachment.htm>
More information about the Opendnssec-develop
mailing list