Uploaded image for project: 'OpenDNSSEC Pivotal History'
  1. OpenDNSSEC Pivotal History
  2. ODSPTHIST-545

KSK in use too long warning

FinishDeliverReject
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Accepted
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 88 : 13 Feb
    • Labels:

      Description

      The Enforcer makes the next KSK active (used for signing) when initiating a KSK rollover. But the key is not considered to be in the state ACTIVE until the DS has been seen.

      The Auditor does however start to count the time in use when the rollover is initiated. This means that you will always get the warning at the end of the lifetime for the KSK. Because the Enforcer starts the lifetime when the key reaches the state ACTIVE.

      Is this a problem? Or is it a good warning that the key now have actually created signatures longer than expected?

        Attachments

          Activity

            People

            Assignee:
            alexd Alex Dalitz
            Reporter:
            rickard Rickard Bellgrim
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: