+--On 8 juillet 2010 13:08:09 +0200 Rickard Bellgrim <rickard.bellg...@iis.se> wrote: | So, what kind of emergency rollovers do you expect?
Well, I don't expect the key to have leaked from my HSM, because it's not "online" per se, and if I did it right with my other hats as security officer and network architect the only emergency rollover I expect is broken key through crypto analysis, which, is of course, the hardest one to figure out :-) But I do get your point, I probably don't need standby keys because I don't see anyone who would want to do "bad things" with the domain my blog is on, or the small antique books store around the corner. But my security needs are in no way the same of a tld. I do agree with you that it'd be nice to be able to have separate HSM for that kind of things, but I'd really be sad to see the feature go, even if it's not perfect. -- Mathieu Arnold _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
