[dns-wg] RIPE NCC DNSSEC Key Maintenance: Preemptive Key Signing Key Rollover
- Previous message (by thread): [dns-wg] RIPE NCC DNSSEC Key Maintenance: Preemptive Key Signing Key Rollover
- Next message (by thread): [dns-wg] dnssec statistics action point 52.2
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Olaf M. Kolkman
olaf at NLnetLabs.nl
Fri Sep 15 19:34:53 CEST 2006
On 14Sep 2006, at 7:03 PM, bmanning at vacation.karoshi.com wrote: > as a suggestion, could you -please- put a date on the web page > that indicates when the keys were generated or expected to be valid? > I agree the inception date to be very handy. But an expected end date has the danger that people will hard code such thing into their scripts and that might prevent rolls just like the one we see now. The minimal time they are to be valid would be OK. Then the script can take that as its TTL. I would also like to point this community to draft-ietf-dnsext- trustupdate-timers which is very relevant in this context --in terms of a standarized method for automatic rollovers-- and is about to be last called. [1] http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-trustupdate- timers/ ---Olaf ----------------------------------------------------------- Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/
- Previous message (by thread): [dns-wg] RIPE NCC DNSSEC Key Maintenance: Preemptive Key Signing Key Rollover
- Next message (by thread): [dns-wg] dnssec statistics action point 52.2
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]