On 25 jun 2010, at 11.41, Ondřej Surý wrote:

> - No way to get rid of an imported key or change the state of an already
> imported key

Once the key is imported, it is supposed that the enforcer updated the state.

> - If I delete a zone and re-add it later, the keys are lost, but you
> cannot re-import keys with the same CKA_ID.

Removal of a zone does not remove the keys.

> - No way to remove "lost" keys (see previous remark).

ods-hsmutil remove <id>

> - Algorithm rollover is missing? And it's not in the roadmap yet?

It is planned for 1.3, but the roadmap is not updated. Will do that next week.

Algorithm rollover is essentially like going from unsigned to signed with the
new algorithm. Then at one point you decide to go unsigned with the old
algorithm. The Enforcer should be able to handle multiple sets of algorithms,
and also the kasp.xml must be expanded (so that you can have multiple ksk
and zsk fields).

> - I was able to create such a mess in the keys for udp53.cz, that I
> had to disable auditor :)

We should have a look at this.

// Rickard
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user