[Opendnssec-develop] separate validity for signatures over DNSKEY

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Mar 15 10:35:32 UTC 2010


Makes more sense:)

Added a pivotal story for this as a reminder.

Matthijs

Jakob Schlyter wrote:
> On 15 mar 2010, at 11.24, Matthijs Mekking wrote:
> 
>> Rickard Bellgrim wrote:
>>> Refresh KSK RRSIG when it is 15 days until it expires.
>>> Refresh ZSK RRSIG when it is 4 days until it expires.
>> What is a KSK RRSIG? What is a ZSK RRSIG?
>>
>> I do know of a RRSIG record that covers the type DNSKEY...
> 
> I take it Rickard mean a RRSIG over DNSKEY (by KSK) or RRSIG over anything-else (by ZSK).
> 
> 	j
> 
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop




More information about the Opendnssec-develop mailing list