[Opendnssec-develop] ZSK rollovers

Jakob Schlyter jakob at kirei.se
Thu May 6 13:03:04 UTC 2010

On 6 maj 2010, at 15.01, Matthijs Mekking wrote:
>>> That rule implies that we always going to use double signature rollover
>>> for KSKs and always going to use pre-publish key rollover for ZSKs
>> for KSK, no - if you use a pre-publish key rollover for the KSK it works as well.
> Sure, because you never reuse signatures in this special rule, you can
> do every rollover you want.

the idea is to reuse signatures as long as the set of key signing keys is unchanged.


More information about the Opendnssec-develop mailing list