[Opendnssec-develop] separate validity for signatures over DNSKEY
matthijs at NLnetLabs.nl
Mon Mar 15 10:35:32 UTC 2010
Makes more sense:)
Added a pivotal story for this as a reminder.
Jakob Schlyter wrote:
> On 15 mar 2010, at 11.24, Matthijs Mekking wrote:
>> Rickard Bellgrim wrote:
>>> Refresh KSK RRSIG when it is 15 days until it expires.
>>> Refresh ZSK RRSIG when it is 4 days until it expires.
>> What is a KSK RRSIG? What is a ZSK RRSIG?
>> I do know of a RRSIG record that covers the type DNSKEY...
> I take it Rickard mean a RRSIG over DNSKEY (by KSK) or RRSIG over anything-else (by ZSK).
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
More information about the Opendnssec-develop