[Opendnssec-user] DNSKEY set signed with KSK in retire state.

Maurice maurice at info.nl
Thu Nov 19 11:07:21 UTC 2015


When using OpenDNSSEC,   I see that DNSKEY sets are signed with keys 
that are in the retire state.
Why does this happen ? I would expect that only KSK`s  in the active or 
ready state would be used for signing the DNSKEY sets.


Maurice Mahieu
System Engineer  | maurice at info.nl <mailto:maurice at info.nl>  | +31 (0)20 
53 09 111 <tel:+31205309111>
info.nl <http://www.info.nl> /making platforms work/ 

Sint Antoniesbreestraat 16  |  1011 HB Amsterdam  | +31 (0)20 530 91 00 
Facebook <https://www.facebook.com/infonl> | Twitter 
<https://twitter.com/infonl> | LinkedIn 
<https://www.linkedin.com/company/info.nl> | Google+ 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20151119/3292be5c/attachment.htm>

More information about the Opendnssec-user mailing list