Key algorithm rollover is a bit different to a regular KSK or ZSK rollover and nothing you should have to do mutch often. So this is currently not implemented and will not be implemented in the future (expcept someone will donate it).I have another quick question about key algorithm rollover. I saw some mention of this while glancing through the rollover.c code, but didn't notice any cleanup code.
Is it the case, that if I change my dnssec.conf file to use a different algorithm (eg: NSEC3 instead of just NSEC supporting algorithms), then it will generate a key set of active/standby keys, but not retire the old ones? Or, will those just get retired at the end of their lifetime parameters?
A key algorithm rollover should be done manually. If the rollover is done, you can use ZKT for the regular stuff again. Holger
smime.p7s
Description: S/MIME Kryptografische Unterschrift
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnmore_122712
_______________________________________________ zkt-users mailing list zkt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zkt-users
