[Opendnssec-develop] Questions unanswered
Matthijs Mekking
matthijs at NLnetLabs.nl
Wed Jan 14 15:07:21 UTC 2009
Hi,
We just decided to handle the questions on the list. So let me repeat my
questions as well post some new ones:
Question 1 is based on the assumption that the Signer Engine is
responsible for re-signing. It is actually not a real question, but a
remark: The Signer Engine determines the inception and expiration times
on signatures given the refresh interval value it retrieved from KASP,
right?
Question 2: What's the difference between zone resigning interval and
signature
refresh interval? Imho, they are the same, but described differently.
Question 3 from the list is already answered, since I have more insight
in the flow of the OpenDNSSEC tool.
Question 4: What is meant with signature jitter and clockskew? Does this
affect
the zone content? If so, in what way?
And an extra question: Why should KASP store the TTL for NSECs.
Shouldn't these be derived from the SOA's minimum field for negative
caching?
Cheers,
Matthijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 544 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090114/f6dee0be/attachment.bin>
More information about the Opendnssec-develop
mailing list