[Opendnssec-develop] Automatic introduction of manual keys.

Rickard Bellgrim rickard at opendnssec.org
Thu Oct 20 11:58:22 UTC 2011


> Enforcer:
> Generate both keys and introduce them in the zone. This is not
> considered a rollover.
>
> Enforcer NG:
> Introduce only the ZSK. Wait for user signal to introduce the KSK. This
> is a rollover like any other.
>
> Personally I like the new behavior, as it feels more consistent. The
> user asks not to do any automatic stuff with the KSK, so we don't.

The ManualRollover stops us from making a key retired. But it does not
stop us from introducing a new key. We want to minimize the waiting
time for the user by doing as much as possible before the user decides
to retire the old key and make the new one active.

// Rickard


