[Opendnssec-develop] separate validity for signatures over DNSKEY
jakob at kirei.se
Mon Mar 15 10:25:32 UTC 2010
On 15 mar 2010, at 11.24, Matthijs Mekking wrote:
> Rickard Bellgrim wrote:
>> Refresh KSK RRSIG when it is 15 days until it expires.
>> Refresh ZSK RRSIG when it is 4 days until it expires.
> What is a KSK RRSIG? What is a ZSK RRSIG?
> I do know of a RRSIG record that covers the type DNSKEY...
I take it Rickard mean a RRSIG over DNSKEY (by KSK) or RRSIG over anything-else (by ZSK).
More information about the Opendnssec-develop