[Opendnssec-develop] Off-by-one error and new year
rickard at opendnssec.org
Tue Dec 27 12:31:47 UTC 2011
>> The Signer Engine will do a smooth transition between keys, but in
>> this case you will have a signature that is valid for a year extra. At
>> some point will the Enforcer remove the DNSKEY, because it thinks that
>> all of the signatures have been replaced.
> Yes, At this point the signer will start to sweat. Doing all the work at
> once, instead of during the last validity period.
So the conclusion is that there will be no post-publication of the
DNSKEY for this signature, right?
More information about the Opendnssec-develop