[Opendnssec-user] Why do we need standby keys?

Johan Ihren johani at autonomica.se
Wed Aug 11 13:46:04 UTC 2010


On Aug 9, 2010, at 09:42 , Rickard Bellgrim wrote:

> Hi OpenDNSSEC users
> On 8 jul 2010, at 11.26, Rickard Bellgrim wrote:
>> Our idea: The support of standby keys in OpenDNSSEC can be deprecated, because it can be handled outside the system
> The conclusion I make from the previous discussion is that we can go ahead with this proposal. We do not want to make any hasty decisions, so that is why we are asking for your comments one more time.

That's much appreciated, as I was on vacation until recently (which I'm sure is true of many others also).

My view is that it would be a mistake to not have support for standby keys and I strongly suspect that the perceived gains (in complexity) would be less than hoped for as you still need support for multiple HSMs and also for HSMs that are not always online.

Because of the vacation period I'd much appreciate it if you could hold off on any final decisions in this area for a few weeks as I'd like to discuss this with my co-authors of the key timing draft (in which standby keys are present).


