Uploaded image for project: 'OpenDNSSEC'
  1. OpenDNSSEC
  2. OPENDNSSEC-334

Recreate RRSIGs if KASP changed validity?

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.3.10
    • Fix Version/s: future
    • Component/s: Signer
    • Labels:

      Description

      One of our users, using the auditor, tried to change the signature validity in the policy from 7 days to one month. When updating, the signer would create some new signatures and leave some old signatures. It could leave some old signatures, because those would still have a valid Refresh period.

      The auditor should not have complained if it had notion of history of the policy. However, this user is running 1.0.0 alpha, so this might have been already fixed a long time ago. But it got me thinking: Should the signer create new RRSIGS if the validity changed in the signer configuration?

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            matthijs Matthijs Mekking
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: