In message <[email protected]>, James Cloos writes:
> It looks like I let offline distractions get the better of me with my
> previous post on this topic.
>
> What I wanted to write is that, given that dns servers cope well with
> very short RR TTLs, they also should cope well with short-duration RRSIGs.

Actually they don't. TTLs are relative times. RRSIGs contain absolute time.
TTLs say delete this in X seconds. RRSIGs say stop believing this at
YYYYMMSSHHMMSS. If your clock is a day fast (a very real failure scenario)
it has NO impact on how the TTL is interpreted. It has a big impact on
how the RRSIG values are interpreted.

> -JimC
> --
> James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
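
The difference described in the reply above, as an added example that is not part of either message: a resolver whose clock is off by a constant amount still counts a TTL down correctly, but evaluates the RRSIG inception/expiration window against the wrong instant. The record values, dates and function names are constructed for illustration; timestamps use the RFC 4034 presentation form YYYYMMDDHHMMSS, and the 32-bit serial-number arithmetic real validators apply is left out.

```python
from datetime import datetime, timedelta, timezone

RRSIG_FMT = "%Y%m%d%H%M%S"  # RFC 4034 presentation form of inception/expiration

def parse_rrsig_time(text):
    return datetime.strptime(text, RRSIG_FMT).replace(tzinfo=timezone.utc)

def rrsig_in_window(inception, expiration, local_now):
    """Absolute check: compares the signature window to the local wall clock."""
    return parse_rrsig_time(inception) <= local_now <= parse_rrsig_time(expiration)

def ttl_remaining(ttl, cached_at, local_now):
    """Relative check: only the time elapsed on the same clock matters."""
    elapsed = int((local_now - cached_at).total_seconds())
    return max(0, ttl - elapsed)

def resolver_view(skew, fetch, query, ttl, inception, expiration):
    """Return (ttl_left, sig_ok) for a resolver whose clock is offset by `skew`."""
    cached_at, local_now = fetch + skew, query + skew
    return (ttl_remaining(ttl, cached_at, local_now),
            rrsig_in_window(inception, expiration, local_now))

# Constructed sample: a 60 s TTL record with a 6 hour signature window,
# fetched at 12:00:00 UTC (true time) and looked up again 40 s later.
FETCH = datetime(2013, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
QUERY = FETCH + timedelta(seconds=40)
TTL = 60
INCEPTION, EXPIRATION = "20130301110000", "20130301170000"

SKEWS = {
    "accurate": timedelta(0),
    "day_fast": timedelta(days=1),
    "day_slow": timedelta(days=-1),
}

def demo():
    return {name: resolver_view(skew, FETCH, QUERY, TTL, INCEPTION, EXPIRATION)
            for name, skew in SKEWS.items()}

if __name__ == "__main__":
    for name, (ttl_left, sig_ok) in demo().items():
        print(f"{name:9s} ttl_left={ttl_left:2d}s rrsig_time_ok={sig_ok}")
```

The shorter the signature lifetime, the smaller the clock error needed to push the local time outside the window, which is why validators benefit from monitored time synchronization.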
