OpenDNSSEC / OPENDNSSEC-251

Support for offline KSK

    Details

    • Type: Story
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: future
    • Component/s: Enforcer NG, Signer
    • Labels:
      None

      Description

      This story is about supporting offline KSK in OpenDNSSEC. The current design idea is to use a scheme similar to the one that is used between ICANN and Verisign for the root zone. This scheme includes the following steps:

      1. the ZSK maintainer submits a set of intervals to sign for, and sends an XML file to the KSK maintainer for signing
      2. the KSK maintainer signs the XML file using the KSK, and returns the signed data to the ZSK maintainer
      3. the ZSK maintainer extracts the current signed keyset from the signed XML file and inserts it into the zone file

              People

              Assignee:
              Unassigned
              Reporter:
              jakob Jakob Schlyter
              Votes:
              1
              Watchers:
              4
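
Step 3 of the scheme in the description, sketched as an added example (not OpenDNSSEC code and not part of the original issue): it picks the signed keyset whose interval covers the current time and refuses to choose when none or several do. The XML element and attribute names and all record data are constructed for illustration, since the issue does not define a file format, and validation of the signatures themselves is assumed to happen separately.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: element names, attributes and record data are hypothetical.
SAMPLE_RESPONSE = """\
<SignedResponse zone="example.">
  <Interval inception="2024-01-01T00:00:00+00:00" expiration="2024-01-15T00:00:00+00:00">
    <RR>example. 3600 IN DNSKEY 257 3 8 constructed-ksk</RR>
    <RR>example. 3600 IN DNSKEY 256 3 8 constructed-zsk-a</RR>
    <RR>example. 3600 IN RRSIG DNSKEY 8 1 3600 constructed-sig-1</RR>
  </Interval>
  <Interval inception="2024-01-15T00:00:00+00:00" expiration="2024-02-01T00:00:00+00:00">
    <RR>example. 3600 IN DNSKEY 257 3 8 constructed-ksk</RR>
    <RR>example. 3600 IN DNSKEY 256 3 8 constructed-zsk-b</RR>
    <RR>example. 3600 IN RRSIG DNSKEY 8 1 3600 constructed-sig-2</RR>
  </Interval>
</SignedResponse>
"""

def parse_intervals(xml_text):
    """Return [(inception, expiration, [record, ...])] sorted by inception."""
    intervals = []
    for node in ET.fromstring(xml_text).findall("Interval"):
        start = datetime.fromisoformat(node.get("inception"))
        end = datetime.fromisoformat(node.get("expiration"))
        if start.tzinfo is None or end.tzinfo is None or end <= start:
            raise ValueError("interval must be timezone-aware and non-empty")
        records = [rr.text.strip() for rr in node.findall("RR")]
        intervals.append((start, end, records))
    return sorted(intervals, key=lambda item: item[0])

def current_keyset(xml_text, now):
    """Records of the one interval covering `now`; raise instead of guessing."""
    hits = [i for i in parse_intervals(xml_text) if i[0] <= now < i[1]]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} intervals cover {now.isoformat()}")
    return hits[0][2]

def covered_until(xml_text, now):
    """End of the gap-free coverage starting at `now`, or None if uncovered."""
    horizon = None
    for start, end, _ in parse_intervals(xml_text):
        if start <= (horizon or now) < end:
            horizon = end
    return horizon

if __name__ == "__main__":
    now = datetime(2024, 1, 20, tzinfo=timezone.utc)
    print("\n".join(current_keyset(SAMPLE_RESPONSE, now)))
```

`covered_until` gives the ZSK maintainer the point by which a new request has to be signed and returned, which is the operational cost of keeping the KSK offline.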