State diagram for DNSsec key lifecycle
Axel.Rau at Chaos1.DE
Thu Feb 16 20:56:17 UTC 2012
Am 14.02.2012 um 16:33 schrieb Axel Rau:
> Am 13.02.2012 um 19:48 schrieb Axel Rau:
>> Here is the next revision with comments from Mark and Jeff incorporated (same URL):
>> I'm still unsure about submitting the follow-up DS while its KSK not yet active.
>> Please review carefully and comment. Simplifications are also welcome.
> From state 'KSK2 active KSK1 inactive' to state 'DS1 retired from parent' the diagram shows a delay of MD.
> Keeping the DS after inactivity of its KSK makes no sense to me.
> What do you mean?
Due to lack of input, I did a major rework of the diagram, based on NIST 800-81r1.
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
More information about the bind-users