We've discussed this on the mailing list, but I couldn't find a bug for it. Most people (me included) seem to associate "insecure key" with the key not being adequate to be secure, not with the tranport of the key not being secured via DNSSEC. Perhaps the current "insecure key" comment could be "key retrieval not secure" and an key shorter than 1024 bits could be reported as "insecure key length" to make the distinction clear. In any case, please change the existing DNSSEC related comment as it's confusing people.
Log in to post a comment.