[Opendnssec-user] How to calc new ZSK / KSK and pre-publish date
Javier Jiménez Huedo
bodegax at gmail.com
Tue May 13 12:18:21 UTC 2014
Dear OpenDNSSEC users,
I am confused about the following behavior of openDNSSEC:
I have the following ZSK active key:
Key type State: Next transition:
ZSK active 2014-05-19 16:02:20 (retire)
KSK Lifetime P20D
ZSK LifeTime P10D
How I can calculate the date of generation of the next ZSK key?
How I can calculate the date of pre-publication next ZSK key?
Kasp.xml:
<Signatures>
<Resign>PT5H</Resign>
<Refresh>P2D</Refresh>
<Validity>
<Default>P5D</Default>
<Denial>P5D</Denial>
</Validity>
<InceptionOffset>PT3600S</InceptionOffset>
...
<Signatures>
<keys>
<TTL>PT3600S</TTL>
<PublishSafety>PT1H</PublishSafety>
...
</keys>
<Zone>
<PropagationDelay>PT30S</PropagationDelay>
...
</zone>
<parent>
<PropagationDelay>PT5H</PropagationDelay>
<DS><TTL>P1D</TTL></DS>
<SOA><TTL>P1D</TTL> <Minimum>P1D</Minimum></SOA>
</parent>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140513/0965b48f/attachment.htm>
More information about the Opendnssec-user
mailing list