[Opendnssec-develop] Automatic introduction of manual keys.

Yuri Schaeffer yuri at NLnetLabs.nl
Tue Oct 11 13:49:06 UTC 2011


>> Then I would prefer option A/B.

> Although you could argue that this is a rollover; I think that by asking
> for the zone to be signed the user has agreed to the KSK being introduced.

I did implement option B.
If the enforcer finds a key entry in the kasp for algorithm X and X is
not yet used in the zone, it will introduce that key, regardless of the
Manual flag.

If the user changes the algorithm (from unsigned to X or Y to X) the
enforcer assumes signing with X must be done *now*.

Also, this will work as expected when signing with multiple keys
simultaneously.

-- 
Yuri Schaeffer
NLnet Labs
http://www.nlnetlabs.nl


