Hi Antoin, Am 11.06.2010 11:02, schrieb Antoin Verschuren: [...] >
Isn't it true that for a ZSK rollover, OpenDNSSEC needs access to the KSK, at least for signing ? Or if you pregenerate ZSK's to be used by OpenDNSSEC, you need to generate signatures by the KSK's as well right ? Where are they stored, and how do you pregenerate these ZSK's and signatures for the lifetime of the KSK ? How do you configure that in OpenDNSSEC so it knows where to get the ZSK's and signatures ?
We are currently thinking about such an implementation setup with pregenerated ZSKs and signatures and unfortunately I think such a setup is not possible with the current OpenDNSSEC.
Best, Michael _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
