State diagram for DNSsec key lifecycle

Spain, Dr. Jeffry A. spainj at
Thu Feb 9 23:54:44 UTC 2012

> Please comment on this state diagram:

For greater clarity, I suggest that for the state transitions (captions on the arrows), you refer specifically to the four metadata timestamps that are present in the keys: Publish, Activate, Inactive, and Delete, since these govern what bind does with the keys.

I think it would help also to add some information about how you will set the values for these timestamps when the keys are generated with dnssec-keygen.

You don't address the issue of key revocation, but perhaps that should wait for later.

Jeffry A. Spain
Network Administrator
Cincinnati Country Day School

More information about the bind-users mailing list