[Opendnssec-develop] Enforcer changes
jakob at kirei.se
Mon May 24 07:42:56 UTC 2010
On 11 maj 2010, at 15.39, Sion Lloyd wrote:
> Basically I will move all the timings into the dnsseckeys table from the keypairs table and shake until it works. Then I can look at indexing tables etc... Note that this means v1.2 will need a different database structure and so will not be backwards compatible, does that seem reasonable to everyone?
> One question, should we be able to mark an instance of a key in a zone as compromised without marking other uses of that key? I think that marking one should mark them all (this changes which table the "compromisedflag" column goes in).
yes - if a keypair is compromised, all zones utilizing this keypair are affected.
More information about the Opendnssec-develop