[Opendnssec-develop] Defining KSK rollover schemes

sion at nominet.org.uk sion at nominet.org.uk
Mon Feb 22 11:52:59 UTC 2010

> > This means adding an option to kasp.xml; and I think that it will
involve a
> > database schema change too.
> Would any changes be incompatible with version 1.0? How to handle
> updates between 1.0 and 1.1, so that we do not get many migration

I have not got the details quite finished yet. The issue is that for some
schemes we need to know when the DS record was seen. We might not need to
store the timestamp itself, I will avoid this if I can. If we can not avoid
it then I will create update scripts, increment the database schema etc. I
will try to make it backwards compatible if I can, and thinking off the top
of my head it should be possible.

> > So, does the following look reasonable?
> It looks reasonable. And if nothing is specified, then we default
> to? Should the default KASP be update with this element?
> > +       "DoubleDNSKey" |
> DoubleDNSKEY
> > +       "DoubleRRSet"
> DoubleRRset

Thank you, I meant to ask if people had a preference for what to default to
(I was thinking DoubleDS); whatever it is should go in the default kasp


More information about the Opendnssec-develop mailing list