Re: [dns-wg] DNSSEC Policy Development Process
-
To: "Olaf M. Kolkman" <>
-
From: McTim <>
-
Date: Tue, 30 Aug 2005 12:11:24 +0300
-
Cc: Jim Reid <>,
-
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=bNyFipZ7Oc98fOm3MDvNVG+STwYrVW81AhqGe2YXEIfH/evE8v/9c7d5TuEz3Z9MIOtt0loYUN23eQV7xFoPXpElCO+owXU2u900w09STMEhO8SI5WEvbnfueewygnXLKnpTYdOvzcdH4aptSs/WkXj2RlAdnG/cjsCxHIFb5RM=
HI Olafje,
On 8/30/05, Olaf M. Kolkman olaf@localhost wrote:
ttp://www.ripe.net/rs/reverse/dnssec/registry-procedure.html
> >
> > "Is the signature validity period close to expiring and are the Times
> > To Live (TTLs) a reasonable fraction of the signature validity
> > period?"
<snip>
> We currently test on the TTL being at least 2 times smaller than the
> signature validity period.
ok, ta, sounds "reasonable" to me.
>
>
> > I'm confused about this para on same page:
> > It will use the "ds-rdata:" attribute of the domain object currently
> > available in the RIPE Whois Database to select the appropriate default
> > DNSKEY RR. It will then select a new "ds-rdata:" attribute."
> >
> > How do you use the "currently available object" to create an object if
> > this object doesn't exist until you create it?
> >
>
> That text applies to when a key rollover is being performed. During
> the initial upload the default is
> the DNSKEY RR with the SEP flag set.
aha, sorry it wasn't clear to me at the time, it is now.
Will it be clear to non-english speakers who try to follow the
procedure? Maybe a mention of the key rollover would generate less
confusion?
<snip>
>
> I hope this clarifies.
yes, thnx.
--
Greetz,
McTim
nic-hdl: TMCG
|
you are here: RIPE -> RIPE Maillists > Archives
