[dns-wg] DNSSEC Policy Development Process
- Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
- Next message (by thread): [dns-wg] DNSSEC Policy Development Process
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
McTim
dogwallah at gmail.com
Tue Aug 30 11:11:24 CEST 2005
HI Olafje, On 8/30/05, Olaf M. Kolkman <olaf at ripe.net> wrote: ttp://www.ripe.net/rs/reverse/dnssec/registry-procedure.html > > > > "Is the signature validity period close to expiring and are the Times > > To Live (TTLs) a reasonable fraction of the signature validity > > period?" <snip> > We currently test on the TTL being at least 2 times smaller than the > signature validity period. ok, ta, sounds "reasonable" to me. > > > > I'm confused about this para on same page: > > It will use the "ds-rdata:" attribute of the domain object currently > > available in the RIPE Whois Database to select the appropriate default > > DNSKEY RR. It will then select a new "ds-rdata:" attribute." > > > > How do you use the "currently available object" to create an object if > > this object doesn't exist until you create it? > > > > That text applies to when a key rollover is being performed. During > the initial upload the default is > the DNSKEY RR with the SEP flag set. aha, sorry it wasn't clear to me at the time, it is now. Will it be clear to non-english speakers who try to follow the procedure? Maybe a mention of the key rollover would generate less confusion? <snip> > > I hope this clarifies. yes, thnx. -- Greetz, McTim nic-hdl: TMCG
- Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
- Next message (by thread): [dns-wg] DNSSEC Policy Development Process
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]