[Opendnssec-develop] Key rollover date
rickard.bondesson at iis.se
Fri Aug 7 10:01:24 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Is there a problem if the key rollover date is not fixed in time?
E.g: My system does automatic rollover in March every year. In August I perform an emergency rollover, but now will my system perform the automatic rollover in August every year.
This is because each key is valid for one year in this case, and the emergency rollover shifted the usual rollover date. Are there some use cases where you want to roll the key at a specific date and time. E.g. I want to roll my ZSK:s on the first of each months.
Then there is also a problem that P1M (one month) does not equal the same amount in seconds every month. So you get a shift by this also.
Olaf, you mentioned something about this. Would repeating intervals from ISO 8601 solve your problems? http://en.wikipedia.org/wiki/ISO_8601#Repeating_intervals
How important is this feature?
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop