[Opendnssec-develop] Default to zero standby keys

Rickard Bellgrim rickard.bellgrim at iis.se
Tue Jul 6 13:34:22 UTC 2010


On 6 jul 2010, at 15.03, Sion Lloyd wrote:

> This is certainly the case for KSKs; I can write more documentation if that 
> will help.

Documentation is always good.

> Is there actually any point in having standby keys set if you can not select a 
> different HSM for these keys?

Probably not.

The current standby keys are only good when the reason for the emergency is that someone has calculated the private key for the current key. If there is a compromise of the key store, then the standby key is probably compromised.

So either we should,
1. Introduce the concept of alternative storage place for the standby key
or
2. Remove standby keys and recommend the user to handle that outside OpenDNSSEC. E.g. generate your own keys. Add DS to parent and pre-publish ZSK in the unsigned zone.

> I am happy for the default to be set to zero regardless of the answer to the 
> above.

I will commit that to trunk and 1.1 branch.

// Rickard
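Option 2 above moves the standby KSK outside OpenDNSSEC: you generate the key elsewhere and get its DS into the parent ahead of time, so that a rollover to it needs no parent interaction during the emergency. The check a practitioner then wants is "is my standby KSK's DS actually in the parent already?". The following is an added example, not code from the OpenDNSSEC project or this thread; it derives DS records from DNSKEY RDATA (RFC 4034) and compares them with a parent DS set. The zone name, the two DNSKEY strings and the parent DS set are constructed placeholders (the public keys are two-byte dummies, not real keys); in practice the parent set comes from `dig DS example.com.`.

```python
import base64
import hashlib

# Digest types registered for DS records (RFC 4034 / RFC 4509 / RFC 6605).
DS_DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def owner_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels, root label."""
    name = name.rstrip(".").lower()
    wire = b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.split(".") if label)
    return wire + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA in wire form (RFC 4034 section 2.1)."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (all algorithms except RSA/MD5)."""
    ac = 0
    for i, octet in enumerate(rdata):
        ac += octet if i & 1 else octet << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def dnskey_to_ds(owner: str, dnskey_text: str, digest_type: int = 2) -> tuple:
    """Derive the DS (key tag, algorithm, digest type, hex digest) from DNSKEY
    presentation-format RDATA such as '257 3 8 AQI='."""
    flags, protocol, algorithm, *b64 = dnskey_text.split()
    pubkey = base64.b64decode("".join(b64))
    rdata = dnskey_rdata(int(flags), int(protocol), int(algorithm), pubkey)
    digest = DS_DIGESTS[digest_type](owner_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), int(algorithm), digest_type, digest


def parse_ds(ds_text: str) -> tuple:
    """Parse DS presentation-format RDATA such as '1291 8 2 ABCD...' into a tuple."""
    tag, algorithm, digest_type, *digest = ds_text.split()
    return int(tag), int(algorithm), int(digest_type), "".join(digest).upper()


def standby_ds_published(owner: str, standby_dnskey: str, parent_ds_set: list) -> bool:
    """True if the parent's DS set already covers the standby KSK with any digest
    type present in that set (unsupported digest types are skipped, not matched)."""
    parent = {parse_ds(ds) for ds in parent_ds_set}
    digest_types = {ds[2] for ds in parent if ds[2] in DS_DIGESTS}
    return any(dnskey_to_ds(owner, standby_dnskey, dt) in parent for dt in digest_types)


def ds_text(ds: tuple) -> str:
    """Render a DS tuple back to presentation format."""
    return "%d %d %d %s" % ds


# Constructed sample data (not real keys): the KSK currently in the signer's HSM
# and a standby KSK generated on separate hardware, as option 2 recommends.
ZONE = "example.com."
ACTIVE_KSK = "257 3 8 AQI="
STANDBY_KSK = "257 3 8 AwQ="

# Constructed parent DS set containing only the active KSK. In practice this
# list is what `dig DS example.com.` returns from the parent.
PARENT_DS_SET = [ds_text(dnskey_to_ds(ZONE, ACTIVE_KSK))]

if __name__ == "__main__":
    print("standby DS:", ds_text(dnskey_to_ds(ZONE, STANDBY_KSK)))
    print("standby covered by parent:", standby_ds_published(ZONE, STANDBY_KSK, PARENT_DS_SET))
```

Run against the real parent set, a `False` here means the standby key would still need a DS submission (and a wait for the parent's TTLs) before it could take over, which defeats the point of having it.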
