[Opendnssec-develop] DelegationSignerSubmitCommand
Rickard Bellgrim
rickard.bellgrim at iis.se
Tue Dec 14 08:55:19 UTC 2010
On 9 dec 2010, at 11.15, Rickard Bellgrim wrote:
>>> The rollover procedures are still quite a mess. Could you perhaps propose
>>> how we should do this in a clean way, so that the
>>> DelegationSignerSubmitCommand also functions as intended?
>>>
>>
>> The only way I can think to make this clean is to force a pure rollover scheme
>> on the user... This would mean disabling the no-retire flag and having the
>> dssub command only send the new key.
>>
>> Is this too draconian and restrictive though? Keep in mind that this might be
>> the only KSK rollover scheme available for the next two releases...
>
> What do you, Jakob, say about this?
After some discussion with Jakob...
Maybe it is too late to disable the no-retire flag, but we can add it to known issues that it will break DNSSEC.
Then make sure that the DSSC will send the correct set of keys.
// Rickard