[Opendnssec-develop] DelegationSignerSubmitCommand

Rickard Bellgrim rickard.bellgrim at iis.se
Tue Dec 14 08:55:19 UTC 2010

On 9 dec 2010, at 11.15, Rickard Bellgrim wrote:

>>> The rollover procedures are still quite a mess. Could you perhaps propose
>>> how we should do this in a clean way, so that the
>>> DelegationSignerSubmitCommand also function as intended?
>> The only way I can think to make this clean is to force a pure rollover scheme 
>> on the user... This would mean disabling the no-retire flag and having the 
>> dssub command only send the new key.
>> Is this too draconian and restrictive though? Keep in mind that this might be 
>> the only KSK rollover scheme available for the next two releases...
> What do you Jakob say about this?

After some discussion with Jakob...

Maybe it is too late to disable the no-retire flag, but we can add it to known issues that it will break DNSSEC.

Then make sure that the DSSC will send the correct set of keys.

// Rickard

More information about the Opendnssec-develop mailing list