[Opendnssec-develop] ZSK rollovers
jakob at kirei.se
Thu May 6 12:07:57 UTC 2010
On 6 maj 2010, at 14.07, Matthijs Mekking wrote:
> That rule implies that we always going to use double signature rollover
> for KSKs and always going to use pre-publish key rollover for ZSKs
for KSK, no - if you use a pre-publish key rollover for the KSK it works as well.
for ZSK, yes - but doing anything else for ZSK rollovers is IMHO just plain stupid.
also, doing double signature rollovers with just one combined KSK/ZSK works as well but that is just absurd.
More information about the Opendnssec-develop