Uploaded image for project: 'OpenDNSSEC'
  1. OpenDNSSEC
  2. OPENDNSSEC-842

Migration during rollover fails

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Migration is not done properly during a (ZSK) roll over. New zsk will be marked OO instead of OR. Old key will then be retracted, but there are still signatures made with it.

      Migration script is at fault. Also we need to consider how the enforcer signals the signer not to use a key at all. The signconf still had the key, but without publish or active flag. This means for the signer that it is allowed to keep the signatures. How to fix this?

        Attachments

          Activity

            People

            Assignee:
            yuri Yuri Schaeffer
            Reporter:
            yuri Yuri Schaeffer
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: