On Wed, 2008-11-19 at 21:55 +0100, Adam Tkac wrote:
> does anyone know if it is possible to sign multiple domains with one
> KSK?

Adam,

I suspect your question may need to be more specific.

Are you asking about the signing process itself, or rather
about how certain aspects of this process need to be exposed
in the DNS?

The RFC-fragment you cite seems to me to require that each
signed zone needs its set of [KZ]SK exposed in the DNS, but
to be silent on whether a single key can be reused by appearing
as RDATA in the DNSKEY RRsets of multiple zones.

I haven't read 4033/4034 thoroughly, so it's possible I may
have misunderstood completely.

Best regards,
Niall O'Reilly
_______________________________________________
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users