[Opendnssec-develop] Re: [OpenDNSSEC] #68: validity period passed, but no new signatures created
OpenDNSSEC
owner-dnssec-trac at kirei.se
Mon Jan 4 12:50:07 UTC 2010
#68: validity period passed, but no new signatures created
---------------------------+------------------------------------------------
Reporter: lijia@… | Owner: matthijs
Type: defect | Status: new
Priority: major | Component: Signer
Version: trunk | Keywords: resign, expire
---------------------------+------------------------------------------------
Comment(by lijia@…):
Replying to [comment:6 rb]:
> Since <Resign> == <Refresh> you will have cases where signatures are
> reused, but will expire before the next re-sign. <Refresh> should be
> greater than <Resign>.
>
> (A signature will be refreshed when it has x seconds until expiration)
> http://trac.opendnssec.org/wiki/Signer/Using/Configuration/kasp
>
> If all of the signatures can be reused, then no new signatures will be
> created. This will be the case for the first 4.5 minutes. But can happen
> more over time depending on if all of the signatures will expire around
> the same time.
I do not quite understand the purpose of refresh. Do you mean that rrsig
will be recreated at the time (expiration_time - refresh)?
--
Ticket URL: <http://trac.opendnssec.org/ticket/68#comment:7>
OpenDNSSEC <http://www.opendnssec.org/>
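
The rule quoted in the reply above (a signature is refreshed when it has x seconds until expiration, otherwise it is reused) can be modelled in a few lines. This is an added illustration, not OpenDNSSEC signer code and not part of the original message; the function name, the per-RRset offsets, the sample values and the assumption that each run starts `run_delay` seconds late are all constructed.

```python
"""Model of the <Resign>/<Refresh> interaction described in the quoted reply.
Constructed illustration; not OpenDNSSEC signer code."""


def simulate(resign, refresh, validity, offsets, run_delay=0, runs=50):
    """Return (run_time, rrset_index, seconds_expired) for every signature
    that is already expired when a signer run starts.

    resign    - seconds between signer runs (<Resign>)
    refresh   - a signature is regenerated once it has at most this many
                seconds left until expiration (<Refresh>)
    validity  - lifetime given to a fresh signature
    offsets   - constructed per-RRset seconds subtracted from validity, so
                that expirations do not all line up
    run_delay - assumed seconds by which each run starts late
    """
    expires = [validity - o for o in offsets]  # everything signed at t = 0
    gaps = []
    now = 0
    for _ in range(runs):
        now += resign + run_delay
        for i, exp in enumerate(expires):
            remaining = exp - now
            if remaining < 0:
                # Reused at the previous run, expired before this one.
                gaps.append((now, i, -remaining))
            if remaining <= refresh:
                expires[i] = now + validity - offsets[i]
            # Otherwise the existing signature is reused unchanged.
    return gaps


if __name__ == "__main__":
    # Constructed sample values: three RRsets, one-hour signatures,
    # runs every 300 s that each start 5 s late.
    sample = dict(resign=300, validity=3600, offsets=[0, 70, 248], run_delay=5)
    print("Refresh == Resign:", simulate(refresh=300, **sample))
    print("Refresh >  Resign:", simulate(refresh=600, **sample))
```

With `refresh` equal to `resign`, a signature that has just over `refresh` seconds left is reused and has no margin if the next run is even slightly late; once `refresh` is at least `resign` plus the delay, a reused signature always outlives the next run.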