[Opendnssec-develop] kasp draft

Siôn Lloyd sion at nominet.org.uk
Mon Jul 28 10:30:07 UTC 2014


On 28/07/14 10:10, Matthijs Mekking wrote:
> On 07/15/2014 10:52 AM, Siôn Lloyd wrote:
>> 2.1.1.1
>> Jitter - I'm not sure that there is a need to define the jitter
>> algorithm... I can have jitter that only increases signature lifetimes
>> (i.e. r * j) and it is still just as valid. The algorithm could be given
>> as an example.
> I think we do want to define the algorithm: So that if the policy is
> used in a different implementation, you can expect the same behavior.

I don't agree... If I have an existing implementation that uses a
different, but equally valid, algorithm then I cannot describe my
system using this document. That would seem to be an unnecessary
restriction.

The more generic solution would be to define jitter as the maximum a
signature can vary from the defined lifetime - what distribution that
variation takes is implementation specific.

Sion
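
The generic definition proposed above, sketched as an added example (not part of the original message and not OpenDNSSEC or draft code): two jitter algorithms with different distributions both pass a check that only bounds the variation from the defined lifetime. The function names, the reading of "r * j" as a random r in [0, 1) times the jitter j, and the sample values are assumptions.

```python
import random

# Constructed sample policy values (seconds), not taken from the draft.
LIFETIME = 14 * 24 * 3600   # defined signature lifetime
JITTER = 12 * 3600          # maximum allowed variation

def jitter_symmetric(lifetime, jitter, rng):
    """One possible algorithm: uniform in [lifetime - jitter, lifetime + jitter]."""
    return lifetime + rng.randint(-jitter, jitter)

def jitter_increase_only(lifetime, jitter, rng):
    """Another: only extends the lifetime, lifetime + r * j (r in [0, 1) assumed)."""
    return lifetime + int(rng.random() * jitter)

def simulate(algorithm, lifetime, jitter, count=1000, seed=1):
    """Lifetimes an implementation would assign to `count` signatures."""
    rng = random.Random(seed)
    return [algorithm(lifetime, jitter, rng) for _ in range(count)]

def conforms(lifetimes, lifetime, jitter):
    """Generic policy check: no signature varies from the defined
    lifetime by more than jitter. The distribution is not inspected."""
    return all(abs(actual - lifetime) <= jitter for actual in lifetimes)

def expiry_spread(lifetimes):
    """Width of the window over which the signatures expire."""
    return max(lifetimes) - min(lifetimes)

if __name__ == "__main__":
    for algorithm in (jitter_symmetric, jitter_increase_only):
        observed = simulate(algorithm, LIFETIME, JITTER)
        print(algorithm.__name__,
              "conforms:", conforms(observed, LIFETIME, JITTER),
              "min:", min(observed),
              "max:", max(observed),
              "spread:", expiry_spread(observed))
```
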


