Question about KSK

Bill Owens owens at nysernet.org
Fri Apr 27 13:00:59 UTC 2012


On Fri, Apr 27, 2012 at 08:40:54AM -0400, WBrown at e1b.org wrote:
> We are authoritative for a few dozen small zones.  Is it possible to use 
> the same KSK for all of them?  I can see where if it gets compromised we 
> would need to resign all zones using the KSK at once.  How much effort 
> would I be saving sharing the KSK?
> 
> I'm sure there are plenty of other good reasons not to do this... 
> Enlighten me!

Don't know about reasons for or against, but Binero AB, a big provider in Sweden, signs thousands of their customers' zones with the same KSK and ZSK.

Bill.



More information about the bind-users mailing list