[Opendnssec-develop] PublishSafety and RetireSafety
yuri at NLnetLabs.nl
Wed Jul 6 12:40:56 UTC 2011
I'm unsure how PublishSafety and RetireSafety should be used. The Wiki
says the following, but it confuses me.
"""<PublishSafety> and <RetireSafety> are the publish and retire safety
margins for the keys. These intervals are safety margins added to
calculated timing values to ensure that keys are published and retired
without there being a chance of signatures created with the keys being
I attached two possibilities. Drawn in the well-known state diagram with
1) We wait extra long after introducing/outroducing a resource record
2) We wait extra long before introducing/outroducing a resource record
T = TTL
D = PropagationDelay
P = PublishSafety
R = RetireSafety
There might be a third option?
I should think it is option 2 since in option 1 it does the same as
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 27869 bytes
Desc: not available
More information about the Opendnssec-develop