>>>>> On Wed, 11 Apr 2012 06:28:49 -0700, Nicholas Weaver <nwea...@icsi.berkeley.edu> said:

NW> a) If end-time is specified as a date, not an interval, you can set
NW> the date to be 'end of epoch', so you can basically have it 'stay
NW> forever', even if that's not advised

That's why I suggested the upper limit, and the config would need to be
time based. IE:

    NTA example.com Thu Apr 12 09:06:42 PDT 2012

Note that if you really need to keep some trust anchors around for a
long time, it's still very hackable via a cron script:

    rm /etc/long-ntas.conf
    for i in example.com other.example.com ; do
        echo "NTA $i `date -d '+1 day'`" >> /etc/long-ntas.conf
    done
    # restart/reconf/etc here

[btw, I said "one day" based on the original wording in the draft that
implied that was a reasonable upper limit. I'm not sure that one day is
the right period actually]

[btw2, I'd expect many (most?) implementations to ignore the SHOULD :-( ]

-- 
Wes Hardaker
SPARTA, Inc.
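
The upper limit discussed in the message above, sketched as a load-time check; this is an added example, not part of the original message or of any resolver's code. It assumes GNU date (as the cron script does), and the names check_nta_line and NTA_MAX_SECS, the one-day default and the choice to clamp rather than reject are all assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original message): enforce an upper limit on
# "NTA <domain> <end-date>" lines. Assumes GNU date, as the cron script does.
# check_nta_line and NTA_MAX_SECS are hypothetical names; clamping an
# over-long entry (instead of rejecting it) is this example's choice.

NTA_MAX_SECS=${NTA_MAX_SECS:-86400}   # one day, the limit floated in the thread

# check_nta_line LINE [NOW_EPOCH]
# Prints "ok <domain> <epoch>", "clamped <domain> <epoch>",
# "expired <domain>" or "invalid". Returns 0 only for ok/clamped.
check_nta_line() {
    nta_now=${2:-$(date +%s)}
    # Split into keyword, domain, and the rest of the line (the date).
    read -r nta_kw nta_dom nta_when <<EOF
$1
EOF
    if [ "$nta_kw" != "NTA" ] || [ -z "$nta_dom" ] || [ -z "$nta_when" ]; then
        echo "invalid"; return 1
    fi
    # A date that does not parse is rejected, never treated as "no expiry".
    nta_end=$(date -d "$nta_when" +%s 2>/dev/null) || { echo "invalid"; return 1; }
    if [ "$nta_end" -le "$nta_now" ]; then
        echo "expired $nta_dom"; return 1
    fi
    nta_limit=$((nta_now + NTA_MAX_SECS))
    if [ "$nta_end" -gt "$nta_limit" ]; then
        # 'End of epoch' style dates land here and are cut back to the cap.
        echo "clamped $nta_dom $nta_limit"; return 0
    fi
    echo "ok $nta_dom $nta_end"
}

# Constructed sample lines, checked against the current time.
while read -r nta_line; do
    check_nta_line "$nta_line" || true
done <<'EOF'
NTA example.com Thu Apr 12 09:06:42 PDT 2012
NTA other.example.com Tue Jan 19 03:14:07 UTC 2038
NTA bad.example.com
EOF
```

A check like this only caps each entry as it is loaded; a cron job that rewrites the file daily, as in the message above, still renews entries indefinitely.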