[Opendnssec-develop] Questions unanswered

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Jan 14 15:07:21 UTC 2009


Hi,

We just decided to handle the questions on the list. So let me repeat my
questions as well post some new ones:

Question 1 is based on the assumption that the Signer Engine is
responsible for re-signing. It is actually not a real question, but a
remark: The Signer Engine determines the inception and expiration times
on signatures given the refresh interval value it retrieved from KASP,
right?

Question 2: What's the difference between zone resigning interval and
signature
refresh interval? Imho, they are the same, but described differently.

Question 3 from the list is already answered, since I have more insight
in the flow of the OpenDNSSEC tool.

Question 4: What is meant with signature jitter and clockskew? Does this
affect
the zone content? If so, in what way?

And an extra question: Why should KASP store the TTL for NSECs.
Shouldn't these be derived from the SOA's minimum field for negative
caching?

Cheers,
Matthijs


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 544 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090114/f6dee0be/attachment.bin>


More information about the Opendnssec-develop mailing list