TLSA record TTL values

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Feb 22 23:50:03 CET 2017


> On Feb 22, 2017, at 5:17 PM, John Allen <john at klam.ca> wrote:
> 
> Is there any recommendation as to the TTL for TLSA records?

An hour or less.  Depending on how time-sensitive your email is.
Keep in mind the refresh time of secondary servers, setting the
TTL much below that does not help much.

> I would imagine fairly short as if there is a problem you want the old ones gone ASAP!

Yes, that's the basic motivation to keep it reasonably short.

-- 
	Viktor.
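
The interaction between TTL and secondary refresh described in the reply above, as an added example that is not part of the original message: it reads dig-style records, flags TLSA TTLs above one hour, and computes a worst-case stale window. The record data, the `audit_tlsa_ttls` name, and the worst-case model (a lost NOTIFY, so the secondary waits a full SOA refresh) are assumptions.

```python
# Added example. Constructed records in dig-style presentation format
# (owner TTL class type rdata); names, serial and hashes are made up.
SAMPLE = """\
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 2017022201 1800 900 1209600 3600
_25._tcp.mx1.example.com. 3600 IN TLSA 3 1 1 <sha256-of-spki-placeholder>
_25._tcp.mx2.example.com. 86400 IN TLSA 3 1 1 <sha256-of-spki-placeholder>
_25._tcp.mx3.example.com. 300 IN TLSA 2 1 1 <sha256-of-spki-placeholder>
"""

MAX_TTL = 3600  # "an hour or less", per the reply above


def audit_tlsa_ttls(text, max_ttl=MAX_TTL):
    """Return one report dict per TLSA record found in `text`."""
    refresh = None
    tlsa = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN" or not fields[1].isdigit():
            continue  # skip comments, blank lines, anything not a full RR
        owner, ttl, rtype, rdata = fields[0], int(fields[1]), fields[3], fields[4:]
        if rtype == "SOA" and len(rdata) == 7:
            refresh = int(rdata[3])  # mname rname serial REFRESH retry expire minimum
        elif rtype == "TLSA":
            tlsa.append((owner, ttl))
    if refresh is None:
        raise ValueError("no SOA record found; cannot read the refresh interval")
    report = []
    for owner, ttl in tlsa:
        report.append({
            "owner": owner,
            "ttl": ttl,
            "too_long": ttl > max_ttl,
            # Assumed worst case: NOTIFY is lost, a secondary serves the old
            # record for up to `refresh`, then a resolver caches it for `ttl`.
            "worst_case_stale": refresh + ttl,
            # When the TTL is already below refresh, the refresh term is the
            # larger part of the window and lowering the TTL gains little.
            "refresh_dominates": ttl < refresh,
        })
    return report


if __name__ == "__main__":
    for row in audit_tlsa_ttls(SAMPLE):
        print(row)
```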


