[Opendnssec-develop] DelegationSignerSubmitCommand

Rickard Bellgrim rickard.bellgrim at iis.se
Wed Dec 8 15:38:46 UTC 2010

On 8 dec 2010, at 10.16, Sion Lloyd wrote:

>> So the --no-retire will only delay the current rollover until the
>> ksk-retire is given. And since we can only have one flow of keys within
>> the zone, then we know that the new key is what we are going to rollover
>> to.
> If the user doesn't issue the ksk-retire command, either because they forget 
> or because they don't want to, then they could just accumulate keys... again I 
> am not saying that this is a good idea, just that it is possible.

> Should we disable this option if it is not compatible with our rollover 
> scheme?

The rollover procedures are still quite a mess. Could you perhaps propose how we should do this in a clean way, so that the DelegationSignerSubmitCommand also function as intended?

// Rickard

More information about the Opendnssec-develop mailing list