[Opendnssec-develop] Enforcer changes

Sion Lloyd sion at nominet.org.uk
Tue May 11 13:39:02 UTC 2010


Hi there,

I'm looking at what I need to do to the enforcer and I'm going to suggest that I sort out key sharing before I restructure the code to try to improve speed.

This is the opposite way to pivotal but I think that it is more logical as the changes to fix key sharing will have an impact on the redesign.

Basically I will move all the timings into the dnsseckeys table from the keypairs table and shake until it works. Then I can look at indexing tables etc. Note that this means v1.2 will need a different database structure and so will not be backwards compatible. Does that seem reasonable to everyone?

One question: should we be able to mark an instance of a key in a zone as compromised without marking other uses of that key? I think that marking one should mark them all (this changes which table the "compromisedflag" column goes in).

I also need to think about how to keep keys synchronised between zones, or how to not worry about it... When I formulate that question properly I'll ask the list.

Cheers,

Sion