[Opendnssec-develop] Purge keys
Rickard Bellgrim
rickard.bellgrim at iis.se
Tue Aug 17 11:50:24 UTC 2010
On 16 aug 2010, at 11.59, Sion Lloyd wrote:
> If a key has been in the dead state for long enough on zone "A", but is yet to
> be used by zone "B" on the policy, should we purge it?
If the key is yet to be used by zone "B" and we remove it, won't we just create a new key in the HSM to replace it? Thus not saving any space.
> My thought is that we should, because we are trying to save space on the HSM
> and there must be enough keys without this one to keep zone "A" happy.
Would zone "B" be happy?
> Can anyone think of a use-case for purge where this would not be appropriate?
Keys should only be removed if they are completely dead.
// Rickard