signature expiration
Tony Finch
dot at dotat.at
Thu Apr 11 12:49:12 UTC 2013
hugo hugoo <hugobxl at hotmail.com> wrote:
> Can anyone tell me why signatures in dnssec mut be renewed every 30
> days?
The limited lifetime of the signatures reduces your exposure to a replay
attack. After the signature has expired an attacker cannot fool a victim
by giving them the stale data.
> What are the modifications made on a zone with a resign?
The signatures are regenerated with updated expiry times.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
More information about the bind-users
mailing list