[Opendnssec-develop] PublishSafety and RetireSafety
Yuri Schaeffer
yuri at NLnetLabs.nl
Wed Jul 6 12:40:56 UTC 2011
Hi,
I'm unsure how PublishSafety and RetireSafety should be used. The Wiki
says the following, but it confuses me.
"""<PublishSafety> and <RetireSafety> are the publish and retire safety
margins for the keys. These intervals are safety margins added to
calculated timing values to ensure that keys are published and retired
without there being a chance of signatures created with the keys being
considered invalid."""
I attached two possibilities. Drawn in the well-known state diagram with
Hidden/Rumoured/Omnipresent/Unretentive.
1) We wait extra long after introducing/outroducing a resource record
2) We wait extra long before introducing/outroducing a resource record
T = TTL
D = PropagationDelay
P = PublishSafety
R = RetireSafety
There might be a third option?
I should think it is option 2 since in option 1 it does the same as
PropagationDelay.
//yuri
--
Yuri Schaeffer
NLnet Labs
http://www.nlnetlabs.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20110706_002.jpg
Type: image/jpeg
Size: 27869 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20110706/6bcc1c61/attachment.jpg>
More information about the Opendnssec-develop
mailing list