[Freeipa-devel] DNSSEC support design considerations: key material handling

Simo Sorce simo at redhat.com
Fri Jul 19 17:55:00 UTC 2013


I will reply to the rest of the message later if necessary, still
digesting some of your answers, but I wanted to address the following
first.

On Fri, 2013-07-19 at 18:29 +0200, Petr Spacek wrote:
> 
> The most important question at the moment is "What can we postpone? How
> fragile it can be for shipping it as part of Fedora 20?" Could we declare
> DNSSEC support as "technology preview"/"don't use it for anything serious"?

Until we figure out proper management in LDAP we will be a bit stuck, esp.
if we want to consider using the 'something' that stores keys instead of
storing them straight in LDAP.

So maybe we can start with allowing just one server to do DNSSEC and
source keys from files for now?

As soon as we have that working we should also have clearer plans about
how we manage keys in LDAP (or elsewhere).

Simo.
-- 
Simo Sorce * Red Hat, Inc * New York
