On 14.02.2012 at 16:33, Axel Rau wrote:
>
> On 13.02.2012 at 19:48, Axel Rau wrote:
>
>> Here is the next revision with comments from Mark and Jeff incorporated
>> (same URL):
>>
>> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
>> I'm still unsu
On 13.02.2012 at 19:48, Axel Rau wrote:
> Here is the next revision with comments from Mark and Jeff incorporated (same
> URL):
>
> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
> I'm still unsure about submitting the follow-up DS while its KSK no
On 11.02.2012 at 11:33, Axel Rau wrote:
>
> On 10.02.2012 at 01:57, Mark Andrews wrote:
>
>> You don't submit the initial DS until the KSK is active and any old
>> state about the DNSKEY as clear caches. I recommend "activate" +
>> "publish" at the same time.
> I see. draft-ietf-dnsop-dnsse
On 10.02.2012 at 01:57, Mark Andrews wrote:
> You don't submit the initial DS until the KSK is active and any old
> state about the DNSKEY as clear caches. I recommend "activate" +
> "publish" at the same time.
I see. draft-ietf-dnsop-dnssec-key-timing-02 uses the term 'used for signing'
as s
On 10.02.2012 at 00:54, Spain, Dr. Jeffry A. wrote:
>> Please comment on this state diagram:
>> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
>
> For greater clarity, I suggest that for the state transitions (captions on
> the arrows), you refer specif
>>> I recommend "activate" + "publish" at the same time.
>> I'd appreciate knowing your reasoning for preferring this
> You are going from unsigned to signed. There is no benefit in publishing,
> waiting then activating.
The IETF draft "DNSSEC Key Timing Considerations"
(http://tools.ietf.org/h
In message <92dd72be-8330-490d-8bf9-7b023fdab...@ucd.ie>, Niall O'Reilly writes:
>
> On 10 Feb 2012, at 00:57, Mark Andrews wrote:
>
> > I recommend "activate" + "publish" at the same time.
>
> Mark,
>
> I'd appreciate knowing your reasoning for preferring this
> approach o
On 10 Feb 2012, at 00:57, Mark Andrews wrote:
> I recommend "activate" + "publish" at the same time.
Mark,
I'd appreciate knowing your reasoning for preferring this
approach over publication for later activation.
I suspect I might not be alone. 8-)
B
You don't submit the initial DS until the KSK is active and any old
state about the DNSKEY as clear caches. I recommend "activate" +
"publish" at the same time.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> Please comment on this state diagram:
> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
For greater clarity, I suggest that for the state transitions (captions on the
arrows), you refer specifically to the four metadata timestamps that are
present in the
While writing a script for key maintenance of 'auto-dnssec maintained' zones,
I try to understand the required actions and states of the keys.
Please comment on this state diagram:
https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
Actions of the script