[Opendnssec-develop] Re: [OpenDNSSEC] #68: validity period passed, but no new signatures created

OpenDNSSEC owner-dnssec-trac at kirei.se
Mon Jan 4 13:41:49 UTC 2010


#68: validity period passed, but no new signatures created
---------------------------+------------------------------------------------
Reporter:  lijia@…         |       Owner:  matthijs      
    Type:  defect          |      Status:  new           
Priority:  major           |   Component:  Signer        
 Version:  trunk           |    Keywords:  resign, expire
---------------------------+------------------------------------------------

Comment(by rb):

 Correct. <Refresh> is the refresh interval, detailing when a signature
 should be refreshed. As signatures are typically valid for much longer
 than the interval between runs of the signer, there is no need to re-
 generate the signatures each time the signer is run if there is no change
 to the data being signed. The signature will be refreshed when the time
 until the signature expiration is closer than the refresh interval.

 I have updated the documentation to reflect this.

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/68#comment:8>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC


More information about the Opendnssec-develop mailing list