[Opendnssec-develop] Signer Enforcer Communication
rickard at opendnssec.org
Fri Dec 23 13:24:16 UTC 2011
> so the period to wait for the signer to make the transition is:
> MaxZoneTTL +
> MAX(Signatures->Validity->Default, Signatures->Validity->Denial) +
> Signatures->Jitter + resign - refresh
>> Note that jitter in the worst case is 1*jitter, because the jitter range
>> is from [-j ... j].
> Yes. Worst case 1*jitter. Which means I'm worst case 2*jitter off.
The worst case should be just one jitter. Because the negative jitter
is subtracted from the validity.
validity - jitter + rnd(2*jitter) => validity + jitter
More information about the Opendnssec-develop