[Opendnssec-develop] Key rollover date
Rickard Bondesson
rickard.bondesson at iis.se
Fri Aug 7 10:01:24 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi
Is there a problem if the key rollover date is not fixed in time?
E.g: My system does automatic rollover in March every year. In August I perform an emergency rollover, but now will my system perform the automatic rollover in August every year.
This is because each key is valid for one year in this case, and the emergency rollover shifted the usual rollover date. Are there some use cases where you want to roll the key at a specific date and time. E.g. I want to roll my ZSK:s on the first of each months.
Then there is also a problem that P1M (one month) does not equal the same amount in seconds every month. So you get a shift by this also.
Olaf, you mentioned something about this. Would repeating intervals from ISO 8601 solve your problems? http://en.wikipedia.org/wiki/ISO_8601#Repeating_intervals
How important is this feature?
// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSnv7dOCjgaNTdVjaAQjEcwf/bBFsDmcTaB1B4rcQjno1s125KcidHwYM
64BvxfW+tZ+bH2YQiIuOrq+9A2KfZ0sNePtWFxNWjSkswsnK6ZTFK47b2yCSQf1t
s8Yp2YjqWPyDyoWN9YbvwXiRAJgc00NhQBQSz7kVnFQ94FsO5x8E6JY0PGR+CPpM
2fRb613XJq0q8SbwtA0Pv7Y3v1QGq+3jun275k/yv//hwg2qXxkqp7zJntWA4vas
qKJi/PUIuIpI5rx9458d+i8MRWilkvI+VJNvoLWes+IDl7vTr6WcXt6gEqLRFgB1
z8QI+ynOHrVSlspN1vVH/eA69fbmDiVGiUsFsf/SjCTKYzr0LzSm3A==
=O3QK
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list