[Opendnssec-user] retire period / signature lifetime
maurice at info.nl
Thu May 1 13:09:53 UTC 2014
Dear opendnssec users,
I am confused about the following behaviour of opendnssec.
I noticed that the signature validity time gets added to the retire
period for keys. I am wondering why this is ?
I have a TTL of 1 hour for the keys. My signature validity time is 28
days. With a TTL of 1H for the keys I think that normally it would be
safe for the old ZSK to stay in the retire state for a few hours and
then be marked dead. But now it wil be in the retire state for 28 days.
I think this is strange. Or am I missing something ?
With kind regards
System Engineer | maurice at info.nl <mailto:maurice at info.nl>
info.nl <http://www.info.nl> /connecting the dots/
Sint Antoniesbreestraat 16 | 1011 HB Amsterdam | +31 (0)20 530 91 11
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-user