[Opendnssec-develop] Off-by-one error and new year
Olaf Kolkman
olaf at NLnetLabs.nl
Wed Dec 28 08:19:16 UTC 2011
On Dec 27, 2011, at 11:36 AM, Rickard Bellgrim wrote:
> Hi
>
> An error, as seen on the user's list, has been uncovered. I think we
> should make an announcement of this.
>
> Due to this error, you could get signatures that are valid for one
> year extra. What happens if you leave the signature in the zone? Will
> it be removed during the next key rollover?
>
> This problem is only on 32-bit platforms.
>
> I think they should remove the tmp files and create new signatures.
I read the thread, which seemed to focus on the operational aspects. What are the risks in the context of a replay attack?
--Olaf
________________________________________________________
Olaf M. Kolkman NLnet Labs
http://www.nlnetlabs.nl/