[Opendnssec-develop] No RRSIG in .signed.sorted
Matthijs Mekking
matthijs at NLnetLabs.nl
Thu Mar 25 17:02:00 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rickard Bellgrim wrote:
>> Hmm, but this is the same behavior as in v1.0. That there is no RRSIG in .signed.sorted
>
> Does this imply that we will drop all signatures each month when we roll the ZSK? And each year when we roll the KSK? And when the old ZSK is not postpublished? ... Essentially every time when the DNSKEY RRset changes?
>
> http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/signer_engine/ZoneConfig.py#L94
>
> // Rickard
Yes. This however can be changed easily in the upcoming C engine.
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJLq5cGAAoJEA8yVCPsQCW5Zi8H/0S3ti4/dxRU9ItCzEtK/2v0
oEdpqALqJt6Qx7McmhizDaieKloWgWHgYJGmYr3CwbYdxFhHvJAyVO/rnkPPH7TJ
HX5ejL4n+pynZIcxfEI0tVrzzsgBZW6Wm8qkn9TaW/ey+QjBhv/mMQNNyQjBfukG
GOemXGlVYyExStLcMmHn0geUlqnH9O4W1Jgd/+HlRTN+FxVHTpE6ITeUZLk5jDOT
zZFFpx2ydq+b2AGOHhlgl0dDdgbANu4iKtoNF6NPKbtkMbMvoEMe5WjhnLRGaIij
jPegcRENtwHGZV3us7a1E/xlMe4v/AgVTLsIRtANtcJJIgUafa9GaRp8Q9vEr6g=
=Xl/n
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list