[Opendnssec-develop] Importing shared keys

Sion Lloyd sion at nominet.org.uk
Wed Jul 21 08:59:10 UTC 2010

I'm getting through the shared keys work and am beginning to get to some of 
the things that I hadn't thought about before. So this may be the first of 
many questions...

What would people like to see happen on key import? Currently you need to 
specify a zone to import the key onto, and then we have a choice:

Make this key available to other zones on the policy,



The simplest thing is to make it available, but are there reasons why we may 
not want to do this?

On this note, are there any reasons to have an "import onto policy" function 
where you can import a key in a particular state and it will appear in that 
state in all zones on that policy? (Currently the key would be in the imported 
state on the zone it was imported on, and just in the general pool of unused 
keys for all other zones.)


More information about the Opendnssec-develop mailing list