[Opendnssec-develop] Erroneous jitter semantics

Jelte Jansen jelte at isc.org
Thu Mar 11 13:27:14 UTC 2010

On 03/11/2010 01:50 PM, Patrik Wallström wrote:
> On Mar 11, 2010, at 12:10 PM, Jakob Schlyter wrote:
>> On 11 mar 2010, at 12.07, Rickard Bellgrim wrote:
>>> Ok, so let's go with +/- jitter/2. I think it should just be a one-liner in the Signer. We also need to update the picture in the documentation.
>> actually it is:  expiration' = expiration - jitter + (rnd % (jitter * 2))
>> stories added and assigned.
> I like the jitter parameter much better now, with this solution. Can we convince ISC to change jitter to this as well?

hey looky, i'm still on this list :)

I personally think that +-jitter/2 is the worst pick of the three, it
gives you the disadvantage of both +jitter and -jitter

obviously i prefer +jitter since i wrote that line :p (less room for
fatal error, i think longer expiration than expected contains less
potential problems than shorter expiration than expected)

of course the setting for any of these choices can be directly
translated into any other by modifying your validity time accordingly,
and hence it mostly comes down to correct documentation, and perhaps a
big fat error&fail if there is a potential problem.

i do agree that it would be nice to sync this up between
implementations, though i'm not entirely sure how willing the bind9 team
is to change an existing definition

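Added example, not part of the original message and not OpenDNSSEC or BIND code: the three jitter conventions discussed in this thread, the translation of any of them into an equivalent "+jitter" setting by shifting the nominal expiration, and a hard failure when the shortest possible signature lifetime is too small. Only the centred formula is quoted in the thread; the `plus` and `minus` formulas, the function names and the `min_lifetime` parameter are assumptions.

```python
# Added illustration. Times are integer seconds.
# Only the "centred" formula is quoted in the thread; the "plus" and "minus"
# formulas and every name below are assumptions made for this example.

def jittered(expiration, jitter, mode, rnd):
    """Apply one jitter convention to a nominal expiration time."""
    if jitter <= 0:
        return expiration
    if mode == "plus":       # assumed: never earlier than nominal
        return expiration + rnd % jitter
    if mode == "minus":      # assumed: never later than nominal
        return expiration - rnd % jitter
    if mode == "centred":    # quoted: expiration - jitter + (rnd % (jitter * 2))
        return expiration - jitter + rnd % (jitter * 2)
    raise ValueError("unknown jitter mode: %r" % (mode,))

def bounds(expiration, jitter, mode):
    """Earliest and latest expiration the convention can produce (inclusive)."""
    span = 2 * jitter if mode == "centred" else jitter
    ends = [jittered(expiration, jitter, mode, r) for r in (0, max(span - 1, 0))]
    return min(ends), max(ends)

def as_plus(expiration, jitter, mode):
    """Return the (expiration, jitter) 'plus' setting that has the same bounds."""
    lo, hi = bounds(expiration, jitter, mode)
    width = hi - lo + 1 if jitter > 0 else 0
    return lo, width

def check_policy(inception, expiration, jitter, mode, min_lifetime):
    """Fail loudly if the shortest possible signature lifetime is too small.

    min_lifetime is a hypothetical operator requirement, for example the
    re-sign interval plus a safety margin.
    """
    earliest, _ = bounds(expiration, jitter, mode)
    shortest = earliest - inception
    if shortest < min_lifetime:
        raise ValueError(
            "jitter mode %r can yield a %d s signature lifetime, below the "
            "required %d s" % (mode, shortest, min_lifetime))
    return shortest
```

With a 14-day nominal validity and 12 hours of jitter, `check_policy` passes for `plus` but raises for `centred` and `minus` when `min_lifetime` equals the nominal validity, which is the "shorter than expected" case the message warns about.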

