[Opendnssec-develop] separate validity for signatures over DNSKEY
Matthijs Mekking
matthijs at NLnetLabs.nl
Mon Mar 15 10:35:32 UTC 2010
Makes more sense:)
Added a pivotal story for this as a reminder.
Matthijs
Jakob Schlyter wrote:
> On 15 mar 2010, at 11.24, Matthijs Mekking wrote:
>
>> Rickard Bellgrim wrote:
>>> Refresh KSK RRSIG when it is 15 days until it expires.
>>> Refresh ZSK RRSIG when it is 4 days until it expires.
>> What is a KSK RRSIG? What is a ZSK RRSIG?
>>
>> I do know of a RRSIG record that covers the type DNSKEY...
>
> I take it Rickard mean a RRSIG over DNSKEY (by KSK) or RRSIG over anything-else (by ZSK).
>
> j
>
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
More information about the Opendnssec-develop
mailing list