[Opendnssec-develop] Signer Testplan: first try
Jakob Schlyter
jakob at kirei.se
Wed Apr 8 14:58:29 UTC 2009
On 8 apr 2009, at 15.02, Matthijs Mekking wrote:
> 1. Jitter
> We have not come to a final conclusion about what Jitter exactly
> means.
nope :_)
> - Do we need to add jitter or subtract it from the expiration datetime?
> Or are both accepted?
In my world, jitter is ABS(MAX(VARIANCE(signature expiration time))).
so something like:

signature expiration = calculated expiration time - jitter + (random(jitter) * 2)

where random(x) is a function generating a random number r such that
0 ≤ r ≤ x. this would generate a signature exception that can vary +/-
some jitter number of seconds, right?
> - Is random jitter acceptable?
not only acceptable, it is required.
> 2. NSEC3PARAM TTL
> Why do we need to configure the NSEC3PARAM TTL in signconf.xml? TTL for
> NSEC3PARAM has no value because it is not used by resolvers or
> validators.
but it does need a TTL, no? or do we always set it to X? if so, what is X?
jakob
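
The expiration formula from the reply above, worked through as an added example (not code from this thread or from OpenDNSSEC). The function names, the 7-day validity and the 1-hour jitter are assumptions chosen for illustration; it compares how many signatures expire in the same second with and without jitter.

```python
import calendar
import random
import time
from collections import Counter


def jittered_expiration(calculated, jitter, rng):
    """expiration = calculated - jitter + random(jitter) * 2, with 0 <= r <= jitter."""
    if jitter < 0:
        raise ValueError("jitter must be non-negative")
    r = rng.randint(0, jitter)  # inclusive on both ends, as in the formula
    # With an integer r the offset moves in 2-second steps across [-jitter, +jitter].
    return calculated - jitter + r * 2


def rrsig_timestamp(epoch):
    """RRSIG presentation format for a signature time: YYYYMMDDHHmmSS (UTC)."""
    return time.strftime("%Y%m%d%H%M%S", time.gmtime(epoch))


def expiration_spread(n_rrsets, calculated, jitter, seed=1):
    """Return (earliest, latest, most signatures expiring in any one second)."""
    rng = random.Random(seed)  # seeded only to make the example reproducible
    times = [jittered_expiration(calculated, jitter, rng) for _ in range(n_rrsets)]
    busiest = max(Counter(times).values())
    return min(times), max(times), busiest


if __name__ == "__main__":
    # Constructed sample values: zone signed 2009-04-08 15:00:00 UTC, 7-day validity.
    signed_at = calendar.timegm((2009, 4, 8, 15, 0, 0))
    calculated = signed_at + 7 * 86400
    for jitter in (0, 3600):
        lo, hi, busiest = expiration_spread(10000, calculated, jitter)
        print("jitter=%-5d earliest=%s latest=%s max expiring in one second=%d"
              % (jitter, rrsig_timestamp(lo), rrsig_timestamp(hi), busiest))
```

With jitter set to 0 every signature expires in the same second, so all of them come up for re-signing at once; with a non-zero jitter the expirations are spread over a window of twice the jitter.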