[Opendnssec-develop] Off-by-one error and new year

Rickard Bellgrim rickard at opendnssec.org
Mon Jan 2 13:01:36 UTC 2012


> I read the thread which seemed to focus on the operational aspects. What are the risks in the context of replay attack?

You can replay the signature as long as the key used for signing is
still valid according to your chain-of-trust. So yes, we perhaps also
should recommend key rollovers.

// Rickard



More information about the Opendnssec-develop mailing list