State diagram for DNSsec key lifecycle

Axel Rau Axel.Rau at chaos1.de
Sat Feb 11 10:32:55 UTC 2012


Am 10.02.2012 um 00:54 schrieb Spain, Dr. Jeffry A.:

>> Please comment on this state diagram:
>> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
> 
> For greater clarity, I suggest that for the state transitions (captions on the arrows), you refer specifically to the four metadata timestamps that are present in the keys: Publish, Activate, Inactive, and Delete, since these govern what bind does with the keys.
Yes, this was my intention, but I have several implicit assumptions: publish = now(), active2 = active1.
I will clarify this. 
> 
> I think it would help also to add some information about how you will set the values for these timestamps when the keys are generated with dnssec-keygen.
I will add this, when the diagram has been fixed.
> 
> You don't address the issue of key revocation, but perhaps that should wait for later.
I consider this for version 2.

Axel
---
PGP-Key:29E99DD6  ☀ +49 151 2300 9283  ☀ computing @ chaos claudius




More information about the bind-users mailing list