Hi Rickard, On Sep 3, 2010, at 12:01 , Rickard Bellgrim wrote:
> On 26 aug 2010, at 17.32, Johan Ihren wrote: > >> Given support for keys stored in offline HSMs, supporting standby keys >> becomes if not trivial at least not a daunting task. >> >> I'll post part #2 in a minute, which contains some thoughts on how to >> support standby keys in opendnssec assuming that HSMs containing keys may >> be offline. > > This is how we will do it. > > * Standby keys will become an optional parameter in kasp.xml (and removed > from the kasp.xml example) > * They will be marked as experimental in the documentation (because we do not > support offline HSMs yet) > * The system will handle standby keys, if the user still believe that the > current implementation gives them what they want > * In a future version we will support offline HSMs and standby keys will not > be experimental anymore. This sounds very reasonable. Thanks for reconsidering the issue. Regards, Johan _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
