-
Type:
New Feature
-
Status: Accepted
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 16 : 28 Sep
-
Labels:
Check that a single key (KSK or ZSK) is not active longer than (KSK->Lifetime + Enforcer->Interval) or (ZSK->Lifetime + Enforcer->Interval). Just give a warning if this is the case, since the zone is still valid.
This means that the auditor must keep the key state over time. E.g. a file with time stamps of when a key was first noted as, pre-publised, active, retired, and dead. The knowledge of a key may be forgotten once a key is dead.