[Opendnssec-user] Why do we need standby keys? Part #1: why
Rickard Bellgrim
rickard.bellgrim at iis.se
Fri Sep 3 10:01:33 UTC 2010
On 26 aug 2010, at 17.32, Johan Ihren wrote:
> Given support for keys stored in offline HSMs, supporting standby keys becomes if not trivial at least not a daunting task.
>
> I'll post part #2 in a minute, which contains some thoughts on how to support standby keys in opendnssec assuming that HSMs containing keys may be offline.
This is how we will do it.
* Standby keys will become an optional parameter in kasp.xml (and removed from the kasp.xml example)
* They will be marked as experimental in the documentation (because we do not support offline HSMs yet)
* The system will handle standby keys, if the user still believes that the current implementation gives them what they want
* In a future version we will support offline HSMs and standby keys will not be experimental anymore.
// Rickard