[Opendnssec-develop] Re: [OpenDNSSEC] #68: validity period passed, but no new signatures created

OpenDNSSEC owner-dnssec-trac at kirei.se
Mon Jan 4 11:41:08 CET 2010


#68: validity period passed, but no new signatures created
---------------------------+------------------------------------------------
Reporter:  lijia@…         |       Owner:  matthijs      
    Type:  defect          |      Status:  new           
Priority:  major           |   Component:  Signer        
 Version:  trunk           |    Keywords:  resign, expire
---------------------------+------------------------------------------------

Comment(by rb):

 Since <Resign> == <Refresh> you will have cases where signatures are
 reused, but will expire before the next re-sign. <Refresh> should be
 greater than <Resign>.

 (A signature will be refreshed when it has x seconds until expiration)
 http://trac.opendnssec.org/wiki/Signer/Using/Configuration/kasp

 If all of the signatures can be reused, then no new signatures will be
 created. This will be the case for the first 4.5 minutes. But can happen
 more over time depending on if all of the signatures will expire around
 the same time.

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/68#comment:6>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC


More information about the Opendnssec-develop mailing list