It appears that Peter Thomassen <[email protected]> said: >Without any hats: I think it's useful to have the emergency practices >described in this draft documented as an >Informational RFC, so I'm in favor of adoption and will be happy to contribute >by reviewing.
I looked at it and this draft bears no relation at all to the way I sign my 200 zones. I suspect my approach is fairly typical: software running on a BSD server that has reasonably secure access controls and daily backups. Perhaps atypically, the server and backups are in a room where I know all the people who have keys (the metal kind that open the door.) I also suspect that people who are risk averse enough to buy HSMs to do signing have their own opinions about how they'd do disaster recovery. Perhaps we could ask some of them. This draft is a blog post, but not a good use of our time. R's, John _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
