[Opendnssec-develop] Signer Enforcer Communication

Yuri Schaeffer yuri at NLnetLabs.nl
Tue Dec 27 10:03:02 UTC 2011

On 23/12/11 14:24, Rickard Bellgrim wrote:
> The worst case should be just one jitter. Because the negative jitter
> is subtracted from the validity.
> validity - jitter + rnd(2*jitter) => validity + jitter

And thus I stand by my previous statement.

The enforcer must wait till "Validity+Jitter" while the key *might*
actually only be valid until "Validity-Jitter".
Hence, if I'm playing save, I'm worst-case 2*Jitter off from my earliest
moment to roll.

Yuri Schaeffer
NLnet Labs

More information about the Opendnssec-develop mailing list