State diagram for DNSsec key lifecycle

Spain, Dr. Jeffry A. spainj at countryday.net
Thu Feb 9 23:54:44 UTC 2012


> Please comment on this state diagram:
> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf

For greater clarity, I suggest that for the state transitions (captions on the arrows), you refer specifically to the four metadata timestamps that are present in the keys: Publish, Activate, Inactive, and Delete, since these govern what bind does with the keys.

I think it would help also to add some information about how you will set the values for these timestamps when the keys are generated with dnssec-keygen.

You don't address the issue of key revocation, but perhaps that should wait for later.

Jeffry A. Spain
Network Administrator
Cincinnati Country Day School



More information about the bind-users mailing list