[Opendnssec-develop] Signer Enforcer Communication

Yuri Schaeffer yuri at NLnetLabs.nl
Mon Dec 5 12:01:09 UTC 2011


While Matthijs is enjoying the sun, could you help verify I'm correct?

In order to support smooth rollovers the enforcer must wait TTL + some
additional_time when transitioning an RRSIG state from rumoured to
omnipresent. (Signatures only get replaced when they expire.)

What is "additional_time"? I think:

additional_time = Signatures->Validity->default + Signatures->Jitter

As the enforcer I do not know the actual jitter value, so I must wait
the worst-case time (I wait max 2*jitter too long).

I believe I can ignore the refresh and resign intervals.

//yuri

-- 
Yuri Schaeffer
NLnet Labs
http://www.nlnetlabs.nl


