[Opendnssec-develop] [OpenDNSSEC] #88: Race condition in key backup?

[OpenDNSSEC]

#88: Race condition in key backup?
--------------------+-------------------------------------------------------
Reporter:  vanrein  |       Owner:  sion    
    Type:  defect   |      Status:  new     
Priority:  major    |   Component:  Enforcer
 Version:           |    Keywords:          
--------------------+-------------------------------------------------------
 If I read the documentation correctly, there is a race condition in the
 manual key backup procedure.

 While I am doing a backup, keys may still be generated automatically by
 OpenDNSSEC.  This makes it difficult to decide when I should submit the
 "ods-ksmutil backup done" command?

 If I submit the command before making the backup, I would initiate the use
 of keys that haven't been backed up yet.  But if I submit the command
 after making the backup, I could have missed backing up a key that just
 got created, and again, cause it to be used before it is backed up.

 I don't know if/how the key generation can be stopped during the backup
 procedure.  Also, using "ksmutil backup list" does not reveal the number
 of keys standing by for backup so I could verify that none got added, nor
 does "ksmutil backup done" tell me how many keys have been marked fit-for-
 use, let alone that it would have me constrain how many it could mark fit-
 for-use.

 Ideally, backups would be a 2-phase procedure, but a work-around could be
 anything that ensures that no keys were generated since the backup
 started.  Is there a way we can document how to avoid this race condition
 by following a (slightly more complicated) procedure, so DNS
 administrators can be absolutely certain that all the keys in use have
 been backed up if <RequireBackup/> is used?

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/88>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC