[Opendnssec-user] retire period / signature lifetime
Maurice Mahieu
maurice at info.nl
Thu May 1 13:09:53 UTC 2014
Dear opendnssec users,
I am confused about the following behaviour of opendnssec.
I noticed that the signature validity time gets added to the retire
period for keys. I am wondering why this is ?
I have a TTL of 1 hour for the keys. My signature validity time is 28
days. With a TTL of 1H for the keys I think that normally it would be
safe for the old ZSK to stay in the retire state for a few hours and
then be marked dead. But now it wil be in the retire state for 28 days.
I think this is strange. Or am I missing something ?
With kind regards
--
Maurice Mahieu
System Engineer | maurice at info.nl <mailto:maurice at info.nl>
info.nl <http://www.info.nl> /connecting the dots/
<http://www.info.nl/nl?utm_source=e-mail_sig&utm_medium=e-mail&utm_term=connecting_the_dots&utm_campaign=info_sig>
Sint Antoniesbreestraat 16 | 1011 HB Amsterdam | +31 (0)20 530 91 11
<tel:+31205309111>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140501/bbbaa8c5/attachment.htm>
More information about the Opendnssec-user
mailing list