On 26 aug 2010, at 17.32, Johan Ihren wrote: > Given support for keys stored in offline HSMs, supporting standby keys > becomes if not trivial at least not a daunting task. > > I'll post part #2 in a minute, which contains some thoughts on how to support > standby keys in opendnssec assuming that HSMs containing keys may be offline.
This is how we will do it. * Standby keys will become an optional parameter in kasp.xml (and removed from the kasp.xml example) * They will be marked as experimental in the documentation (because we do not support offline HSMs yet) * The system will handle standby keys, if the user still believe that the current implementation gives them what they want * In a future version we will support offline HSMs and standby keys will not be experimental anymore. // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
