[Opendnssec-develop] Signer Enforcer Communication
Yuri Schaeffer
yuri at nlnetlabs.nl
Fri Dec 23 12:29:46 UTC 2011
> The moment that a signature is replaced is the at the resign interval
> where the signature is not fresh anymore for the first time:
>
> (validity + jitter) + resign - refresh
I think I get it; The signer does check for work it regular intervals,
so I need resign en refresh times.
so the period to wait for the signer to make the transition is:
MaxZoneTTL +
MAX(Signatures->Validity->Default, Signatures->Validity->Denial) +
Signatures->Jitter + resign - refresh
> Note that jitter in the worst case is 1*jitter, because the jitter range
> is from [-j ... j].
Yes. Worst case 1*jitter. Which means I'm worst case 2*jitter off.
//yuri
More information about the Opendnssec-develop
mailing list