Resolve "Merge trusted-key and managed-keys" (!659) · Merge requests · ISC Open Source Projects / BIND

Evan Hunt requested to merge 6-deprecate-trusted-keys into master Aug 16, 2018

This is an initial pass at marking trusted-keys as deprecated but still retaining its functionality for the time being.

trusted-keys is now flagged as deprecated, but it still works
managed-keys can be used to configure permanent trust anchors by using the "static" keyword in place of "initial-key"
trusted-keys is no longer allowed in bind.keys

If we decide this is good idea, then we should also add "dnssec-keys" as a new synonym for "managed-keys", and phase "managed-keys" out too, since it's no longer an accurate description. Also, if we do this, it still needs a lot of work, including a lot of updated documentation, and updating the tests to use the new syntax (though they work now with the old syntax).

I'm really not sure it's worth doing, though. ICANN's decided to roll the key, and if people with old trusted-keys configurations get bit by it, presumably they'll all be smarter next time.

Closes #6 (closed)

Edited Jun 05, 2019 by Evan Hunt

Resolve "Merge trusted-key and managed-keys"

Merge request reports