[Opendnssec-develop] Key rollover
Sion Lloyd
sion at nominet.org.uk
Tue Aug 17 10:45:48 UTC 2010
Morning.
I'm looking at what needs to happen when we do an emergency rollover of a key
combined with proper key sharing.
This is more complicated than before because the key could be in any state on
various zones; whereas before we knew that it would be active (or you wouldn't
be rolling it).
If the key is active we need to make sure that a successor key is ready before
we retire the current key.
Is it always true that for any other state we can move the key straight to
dead?
Are there any cases where we need to post-publish the key?
Cheers,
Sion
More information about the Opendnssec-develop
mailing list