On Sun, 3 Mar 2013, James Cloos wrote:
"RB" == Richard Barnes <[email protected]> writes:
RB> So short TTLs are the only tool you have.
And that really ought to be sufficient.
Just to clarify, it is the short RRSIGs that give you the "revocation"
of removing the record from the zone, not the short TTL. If your RRSIG
is set for 60 days, a short TTL does not prevent anyone from spoofing
your old key.
Paul
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
