[Opendnssec-develop] Signer Testplan: first try
jakob at kirei.se
Wed Apr 8 14:58:29 UTC 2009
On 8 apr 2009, at 15.02, Matthijs Mekking wrote:
> 1. Jitter
> We did not have come to a final conclusion about what Jitter exactly
> - Do we need to add jitter or subtract it from the expiration
> Or is both accepted?
In my world, jitter is ABS(MAX(VARIANCE(signature expiration time))).
so something like:
signature expiration = calculated expiration time - jitter +
(random(jitter) * 2)
where random(x) is a function generating a random numberr such as 0 ≤
r ≤ x. this would generate a signature exception that can vary +/-
some jitter number of seconds, right?
> - Is random jitter acceptable?
not only acceptable, it is required.
> 2. NSEC3PARAM TTL
> Why do we need to configure the NSEC3PARAM TTL in signconf.xml? TTL
> NSEC3PARAM has no value because it is not used by resolvers or
but it does need a TTL no? or do we always set it to X? if so, what is
More information about the Opendnssec-develop