DNSSEC key rollover

Thu Jan 22 17:59:36 CET 2015

On 1/22/2015 10:08 AM, Carsten Strotmann (sys4) wrote:

>>    * Should the he interval in this setup be checked against TTLs.
> Sorry, I'm not seeing what the "he" interval is. Can you explain?
>
*/the he -> the/*, I think I typed the twice and only partially removed 
the second one.
It should read "Should the intervals in this setup be checked against 
TTLs."

However, looking back at it I am not sure what I would be checking them for.

|<--------------------------- Key Life ------------------------------>|
| |
|<- Lead Time ->|<--------- Active  Life --------->|<-  Retirement  ->|
|               | |                  |
|____ __________|__________________________________|__________________|
|    |          | |                  |
|    |<-Publish | |                  |
|               | |                  |
|<- Create      |<- Active              Inactive ->|          Delete->|

I am think of changing the above. Either replace "lead time" with 
"latency" and use lead time to describe the period between creation and 
publication, or vice versa.

-- 
John Allen
KLaM
------------------------------------------
Inside every older person is a younger person wondering what the hell 
happened!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150122/bcf2c2a2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4268 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150122/bcf2c2a2/attachment.bin>