[Opendnssec-develop] Signer Enforcer Communication
Yuri Schaeffer
yuri at NLnetLabs.nl
Tue Dec 27 10:03:02 UTC 2011
On 23/12/11 14:24, Rickard Bellgrim wrote:
> The worst case should be just one jitter. Because the negative jitter
> is subtracted from the validity.
>
> validity - jitter + rnd(2*jitter) => validity + jitter
And thus I stand by my previous statement.
The enforcer must wait till "Validity+Jitter" while the key *might*
actually only be valid until "Validity-Jitter".
Hence, if I'm playing save, I'm worst-case 2*Jitter off from my earliest
moment to roll.
--
Yuri Schaeffer
NLnet Labs
http://www.nlnetlabs.nl
More information about the Opendnssec-develop
mailing list