<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">To paraphrase the key timings draft:<br>
<br>
* A key in the "publish" state moves into the "ready" state when it has<br>
* been published for at least:<br>
*<br>
* Ipc = TTLkeyc + Dpc +Sp<br>
*<br>
* ... where:<br>
*<br>
* TTLkeyc = TTL of the ZSK DNSKEY record<br>
* Dpc = Propagation delay<br>
* Sp = Publish Safety Margin<br>
*<br>
<br>
OpenDNSSEC will attempt to publish a key at least this far ahead of the previous ZSK's retire time. It is slightly complicated by the run interval of the enforcer, so might be a bit earlier.<br>
<br>
Generation may be as required (i.e. it will be generated and published at the same time) or you may generate a whole batch of keys ahead of schedule.<br>
<br>
Sion<br>
<br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF600265"><font color="#000000" face="Tahoma" size="2"><b>From:</b> opendnssec-user-bounces@lists.opendnssec.org [opendnssec-user-bounces@lists.opendnssec.org] on behalf of Javier Jiménez Huedo [bodegax@gmail.com]<br>
<b>Sent:</b> 13 May 2014 13:18<br>
<b>To:</b> opendnssec-user@lists.opendnssec.org<br>
<b>Subject:</b> [Opendnssec-user] How to calc new ZSK / KSK and pre-publish date<br>
</font><br>
</div>
<div></div>
<div>
<div dir="ltr">Dear OpenDNSSEC users,<br>
<div><br>
I am confused about the following behavior of openDNSSEC:<br>
<br>
I have the following ZSK active key:<br>
<br>
Key type State: Next transition:<br>
ZSK active 2014-05-19 16:02:20 (retire) <br>
<br>
<div>KSK Lifetime P20D<br>
</div>
ZSK LifeTime P10D<br>
<br>
<br>
</div>
<div><span id="result_box" class="" lang="en"><span class="">How</span> <span class="">
I can</span> <span class="">calculate the date</span> <span class="">of</span> <span class="">
generation of the</span> <span class="">next</span> <span class="">ZSK</span> <span class="">
key</span><span class="">?</span> <br>
<span class="">How</span> <span class="">I can</span> <span class="">calculate the date</span>
<span class="">of</span> <span class="">pre</span><span class="">-publication</span>
<span class="">next</span> <span class="">ZSK</span> <span class="">key</span><span class="">?</span></span></div>
<div><br>
Kasp.xml:<br>
<br>
<Signatures><br>
<Resign>PT5H</Resign><br>
<Refresh>P2D</Refresh><br>
<Validity> <br>
<Default>P5D</Default><br>
<Denial>P5D</Denial><br>
</Validity><br>
<InceptionOffset>PT3600S</InceptionOffset><br>
...<br>
<Signatures><br>
<br>
<br>
<keys><br>
<TTL>PT3600S</TTL><br>
<PublishSafety>PT1H</PublishSafety> <br>
...<br>
</div>
</keys><br>
<div><Zone><br>
<PropagationDelay>PT30S</PropagationDelay><br>
...<br>
</div>
<div></zone><br>
</div>
<div><parent><br>
<PropagationDelay>PT5H</PropagationDelay><br>
<DS><TTL>P1D</TTL></DS><br>
<SOA><TTL>P1D</TTL> <Minimum>P1D</Minimum></SOA><br>
</div>
<div></parent><br>
</div>
</div>
</div>
</div>
</div>
</body>
</html>