[Opendnssec-develop] Importing shared keys

Alex Dalitz AlexD at nominet.org.uk
Wed Jul 21 11:15:37 UTC 2010


> What if, for instance, you want to move a zone to a shared-key policy
> and the new policies requires bigger keys? What would that use case look
> like (and which requirements does that translate to)?

Handling a policy change for a zone is something I'm just about to start work on. The auditor (for version 1.2) will see that the policy has changed, and suppress errors for cases which have been caused by a change in policy.

I'm not sure how we'd handle importing keys which did not obey the policy. Some kind of "imported-keys" file to record the keys which have been imported, so the auditor can ignore them, possibly?

Thanks,


Alex.


More information about the Opendnssec-develop mailing list