is this "normal" if not what to do about it?
John
john at klam.ca
Wed Jan 28 02:12:40 CET 2015
On 1/27/2015 5:42 PM, Viktor Dukhovni wrote:
> On Tue, Jan 27, 2015 at 05:30:26PM -0500, John wrote:
>
> However, if I look a little closer I see that my RRSIG has a life of about
> 30 days. I don't remember specifying any times when I signed my zones, plus
> I am now using inline signing.
> That's what I'm talking about. The 30 day lifetime is likely a
> default if you don't override it. It is likely best to leave it
> that way, unless you have stricter security requirements and the
> operational capability to work within a more narrow expiration
> window.
>
Darn you Mr Dukhovni, there I was drifting along in blissful ignorance,
now you have made think ;) Now I have to investigate
sig-validity-interval, ha well.
With inline signing, how much extra work do you think will/would be
involved.
--
John Allen
KLaM
------------------------------------------
An empty stomach is not a good political adviser.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4268 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150127/340068d7/attachment-0001.bin>
More information about the dane-users
mailing list