Maik Zumstrull wrote:
[key rollover]
> The basic logic per zone is:
>
> Disable any expired ZSKs
> Make sure there is an active ZSK
>If we already have a fresh spare key, enable it
>Otherwise, create a fresh and immediately active key
> If the active ZSK will expire soon, create a spare
On Wed, May 11, 2011 at 08:19:01PM +0200, Posner, Sebastian wrote:
> >Otherwise, create a fresh and immediately active key
> > If the active ZSK will expire soon, create a spare key
>
> These last two lines implicate another question: Is there any
> possibility to influence the source of rand
bert hubert wrote:
> > Perhaps a question for everybody.. How do make yure you have enough
> > *good* random for (frequent) key generation for (many) different
> > zones?
>
> I've heard good things about http://www.entropykey.co.uk/ .
> This is a sort of halfway solution - I'd not suggest just u
