[Opendnssec-develop] Automatic introduction of manual keys.
Yuri Schaeffer
yuri at nlnetlabs.nl
Fri Oct 21 12:41:28 UTC 2011
> The ManualRollover stops us from making a key retired. But it does not
> stop us from introducing a new key. We want to minimize the waiting
> time for the user by doing as much as possible before the user decides
> to retire the old key and make the new one active.

So what you are suggesting is the following?

1) key A reached lifetime, generate new key B
2) Intro key B, but hold DS
... wait for user input
3) Switch DS key A and B
4) outro key A

This seems really awkward to me, especially since the DS switch
currently is a manual process anyway.

What about manual ZSKs? What parts will be introduced before the user
gives the command?

I might be missing the point of manual keys.

//yuri