State diagram for DNSsec key lifecycle

Spain, Dr. Jeffry A. spainj at
Fri Feb 10 17:00:07 UTC 2012

>>> I recommend "activate" + "publish" at the same time.
>> I'd appreciate knowing your reasoning for preferring this
> You are going from unsigned to signed.  There is no benefit in publishing, waiting then activating.

The IETF draft "DNSSEC Key Timing Considerations" ( goes into great detail about all of this. This draft document expired on 9/11/2011. Is there a successor document and/or other references that you would recommend on this topic? Thanks.

Jeffry A. Spain
Network Administrator
Cincinnati Country Day School

More information about the bind-users mailing list