DNSSEC intervals
John
john at klam.ca
Thu Jan 22 19:50:15 CET 2015
On 1/19/2015 7:21 AM, Carsten Strotmann wrote:
> Hello John,
>
> https://tools.ietf.org/html/rfc6781
>
> the standard "names" are in RFC 6781
> <https://tools.ietf.org/html/rfc6781>
I read them both the draft, and the RFC. A little like eating saw dust,
but if you want to make sure thinks are unambiguous I suppose that's
inevitable.
Why a formal period between "ready" and "active", surely if the
publishing period is correctly chosen then a key is activated when
ready. Similarly when a key has reach the end of its retirement and is
dead, surely it should be removed from the system asap. The more junk
there is lying around the greater the likely hood of error.
Regards
--
John Allen
KLaM
------------------------------------------
we should be careful not to ascribe to malice what could equally be
explained by incompetence.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4268 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150122/1aca8bf7/attachment.bin>
More information about the dane-users
mailing list