State diagram for DNSsec key lifecycle
Spain, Dr. Jeffry A.
spainj at countryday.net
Fri Feb 10 17:00:07 UTC 2012
>>> I recommend "activate" + "publish" at the same time.
>> I'd appreciate knowing your reasoning for preferring this
> You are going from unsigned to signed. There is no benefit in publishing, waiting then activating.
The IETF draft "DNSSEC Key Timing Considerations" (http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-key-timing-02) goes into great detail about all of this. This draft document expired on 9/11/2011. Is there a successor document and/or other references that you would recommend on this topic? Thanks.
Jeffry A. Spain
Cincinnati Country Day School
More information about the bind-users