[Opendnssec-develop] EnfNG 2nd Alpha
Yuri Schaeffer
yuri at NLnetLabs.nl
Tue Oct 11 12:54:41 UTC 2011
On 10/11/11 13:58, Rickard Bellgrim wrote:
> Please add these changes to the NEWS file, if it has not been done yet.
Done. I did not include the follow text. I thought it might be useful to
accompany the release announcement.
>> Alpha 2 introduces the KskRollType, ZskRollType, and CskRollType
>> elements in kasp.xml for use in the KSK, ZSK and CSK sections.
>> Valid values are:
>>
>> [ KskDoubleRRset | KskDoubleDS | KskDoubleSignature |
>> ZskDoubleSignature | ZskPrePublication | ZskDoubleRRsig |
>> CskDoubleRRset | CskSingleSignature | CskDoubleDS |
>> CskDoubleSignature | CskPrePublication ]
>>
>> These values correspond directly with the rollover types described
>> in the Internet Draft: draft-mekking-dnsop-dnssec-key-timing-bis-02
>> The various Rollover Types influence the traffic to your zone and the
>> speed of a rollover. The enforcer uses them as a strong hint, in
>> case of a conflict (for example ZskPrePublication is impossible
>> during a algorithm rollover) these hints are relaxed.
--
Yuri Schaeffer
NLnet Labs
http://www.nlnetlabs.nl
More information about the Opendnssec-develop
mailing list