回复: Re: [Opendnssec-user]Signature period not precise
Matthijs Mekking
matthijs at nlnetlabs.nl
Thu Aug 23 08:27:35 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/23/2012 09:32 AM, 刘硕 wrote:
> Hi Matthijs,
>
>> Note that the inception and expiration times are in UTC, see RFC
>> 4034:
>
> Thanks, I forgot the time zone issue.
>
>
>> So if you sign at 20/8/2012 17:08 P.M. and the inception is at
>> 20/8/2012 08:08 A.M, you are in UTC+8 (17 minus 8 for the UTC
>> minus 1 for the offset = 8), is that right?
>
> Yes, you are right. I have put less attention on <InceptionOffset>,
> is there any recommendation for its value?
>
>
Inception offset is to defend against clock skew. The default policy
has an offset of 1 hour, which I believe is a value almost everybody
uses.
Best regards,
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJQNel3AAoJEA8yVCPsQCW5aoUIAK1eBloGFy6+2EF27ADoK1oE
nvapvTf34Vh2BYaWGWXJ8pz+FHHPmQiFsqS22X9RvOonDY3ijeTyg3Y2DBwrdxzX
igYPFTz/vwkgSzrVE3zy5IlzXtQENwoDe3PYX19aAJxdlWGPacNwbW+uPLY/BwpH
3IFPP0TYIwI5WYq5uu/UEcpOCdX5suBXKY9lgs2sRnwFw16pq5t/m8CExBwP5Qxl
/AHYmhxcK17Lx0NXzj8JqmFn5PtCqV+Echeu3mgLgy/d6inG9qfmZNhir7g7mzkm
+K84N0i3ri1qa+7R8jyA0SoJfN5/zG6vVSvle4NJbPkzcAqHU5uoEZvwQTOFEVE=
=hLsq
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list