Uploaded image for project: 'OpenDNSSEC Pivotal History'
  1. OpenDNSSEC Pivotal History
  2. ODSPTHIST-553

Update requirements and implement new pre-publication check

FinishDeliverReject
    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Accepted
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 88 : 13 Feb
    • Labels:

      Description

      From the user's list:

      Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
      but SOA?

      Yes, that sounds strange. The first ZSK should be pre-published according to this time:
      Ipub = Dprp + min(TTLsoa, SOAmin)

      The following ZSK:s should be pre-published using this time:
      Ipub = Dprp + TTLkey

      We will have a look at this.

      From the spec ( http://trac.opendnssec.org/wiki/Signer/AuditorRequirements ) :

      "Give an error if a key is seen in use without it having first been seen as prepublished for a time of at least the zone SOA TTL. [E]"

      Should the specification be changed?

        Attachments

          Activity

            People

            Assignee:
            alexd Alex Dalitz
            Reporter:
            rickard Rickard Bellgrim
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: