[Opendnssec-develop] Enforcer changes
sion at nominet.org.uk
Tue May 11 13:39:02 UTC 2010
I'm looking at what I need to do to the enforcer and I'm going to suggest that I sort out key sharing before I restructure the code to try to improve speed.
This is the opposite way to pivotal but I think that it is more logical as the changes to fix key sharing will have an impact on the redesign.
Basically I will move all the timings into the dnsseckeys table from the keypairs table and shake until it works. Then I can look at indexing tables etc... Note that this means v1.2 will need a different database structure and so will not be backwards compatible, does that seem reasonable to everyone?
One question, should we be able to mark an instance of a key in a zone as compromised without marking other uses of that key? I think that marking one should mark them all (this changes which table the "compromisedflag" column goes in).
I also need to think about how to keep keys synchronised between zones, or how to not worry about it... When I formulate that question properly I'll ask the list.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-develop