This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] DNSSEC Policy Development Process
- Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
- Next message (by thread): [dns-wg] DNSSEC Policy Development Process
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
McTim
dogwallah at gmail.com
Tue Aug 30 11:11:24 CEST 2005
HI Olafje, On 8/30/05, Olaf M. Kolkman <olaf at ripe.net> wrote: ttp://www.ripe.net/rs/reverse/dnssec/registry-procedure.html > > > > "Is the signature validity period close to expiring and are the Times > > To Live (TTLs) a reasonable fraction of the signature validity > > period?" <snip> > We currently test on the TTL being at least 2 times smaller than the > signature validity period. ok, ta, sounds "reasonable" to me. > > > > I'm confused about this para on same page: > > It will use the "ds-rdata:" attribute of the domain object currently > > available in the RIPE Whois Database to select the appropriate default > > DNSKEY RR. It will then select a new "ds-rdata:" attribute." > > > > How do you use the "currently available object" to create an object if > > this object doesn't exist until you create it? > > > > That text applies to when a key rollover is being performed. During > the initial upload the default is > the DNSKEY RR with the SEP flag set. aha, sorry it wasn't clear to me at the time, it is now. Will it be clear to non-english speakers who try to follow the procedure? Maybe a mention of the key rollover would generate less confusion? <snip> > > I hope this clarifies. yes, thnx. -- Greetz, McTim nic-hdl: TMCG
- Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
- Next message (by thread): [dns-wg] DNSSEC Policy Development Process
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]