[Opendnssec-develop] Off-by-one error and new year

Olaf Kolkman olaf at NLnetLabs.nl
Wed Dec 28 08:19:16 UTC 2011

On Dec 27, 2011, at 11:36 AM, Rickard Bellgrim wrote:

> Hi
> An error, as seen on the user's list, has been uncovered. I think we
> should make an announcement of this.
> Due to this error, you could get signatures that are valid for one
> year extra. What happens if you leave the signature in the zone? Will
> it be removed during the next key rollover?
> This problem is only on 32-bit platforms.
> I think they should remove the tmp files and create new signatures.

I read the thread, which seemed to focus on the operational aspects. What are the risks in the context of a replay attack?



Olaf M. Kolkman                        NLnet Labs

