Uploaded image for project: 'OpenDNSSEC'
  1. OpenDNSSEC
  2. OPENDNSSEC-547

Allow users to only generate keys on demand (no pre-generation)

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: future
    • Component/s: Enforcer NG
    • Labels:
      None

      Description

      In 1.4 if the system is configured for automatic key generation then keys are generated at the start of an enforcer run as needed.

      In 2.0, since there is no concept of and 'enforcer run' it, just runs all the time, then keys are regenerated according to the <AutoKeyGenInterval>.

      However, this could potentially result in large numbers of keys being generated that are not needed for a very long time. I would like to investigate the option of providing users the ability to retain the 'just-in-time' key generation model that is effectively offered by 1.4. Perhaps we could specify that if the <AutoKeyGenInterval> is set to 0 seconds then keys are generated only as they are actually needed i.e. at the beginning of a rollover.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            sara Sara Dickinson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: