>>>>> On Wed, 11 Apr 2012 06:28:49 -0700, Nicholas Weaver
>>>>> <[email protected]> said:
NW> a) If end-time is specified as a date, not an interval, you can set
NW> the date to be 'end of epoch', so you can basically have it 'stay
NW> forever', even if that's not advised
That's why I suggested the upper limit, and the config would need to be
time based, i.e.:

    NTA example.com Thu Apr 12 09:06:42 PDT 2012

Note that if you really need to keep some trust anchors around for a
long time, it's still very hackable via a cron script:

    # rebuild the list so every entry expires one day from now (GNU date)
    rm -f /etc/long-ntas.conf
    for i in example.com other.example.com ; do
        echo "NTA $i $(date -d '+1 day')" >> /etc/long-ntas.conf
    done
    # restart/reconf/etc here

[btw, I said "one day" based on the original wording in the draft that
implied that was a reasonable upper limit. I'm not sure that one day is
the right period actually]
[btw2, I'd expect many (most?) implementations to ignore the SHOULD :-( ]
--
Wes Hardaker
SPARTA, Inc.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
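
An added example, not part of the original message or of any draft or resolver: one way a loader could read the time-based "NTA <domain> <date>" lines shown above and enforce the upper limit, so that an 'end of epoch' date cannot keep an anchor forever. The function names, the comment syntax, the time zone table and the one-day cap are assumptions for illustration, and the sample lines are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=1)  # assumed cap; the message questions whether one day is right
# Assumption: a small table for the zone abbreviations that `date` prints.
TZ_OFFSETS = {"UTC": 0, "GMT": 0, "PST": -8, "PDT": -7, "EST": -5, "EDT": -4}

def parse_nta_line(line):
    """Parse 'NTA <domain> <date(1) output>' into (domain, aware expiry)."""
    parts = line.split()
    if len(parts) != 8 or parts[0] != "NTA":
        raise ValueError("malformed NTA line: %r" % line)
    domain = parts[1].rstrip(".").lower()
    dow, mon, day, clock, tz, year = parts[2:]
    if tz not in TZ_OFFSETS:
        raise ValueError("unknown time zone %r in: %r" % (tz, line))
    naive = datetime.strptime(" ".join((dow, mon, day, clock, year)),
                              "%a %b %d %H:%M:%S %Y")
    return domain, naive.replace(tzinfo=timezone(timedelta(hours=TZ_OFFSETS[tz])))

def load_ntas(lines, now, max_lifetime=MAX_LIFETIME):
    """Return {domain: effective expiry}, dropping expired entries and
    clamping every expiry to now + max_lifetime."""
    active = {}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()   # hypothetical '#' comments
        if not line:
            continue
        domain, expiry = parse_nta_line(line)
        if expiry <= now:
            continue                          # expired: validation resumes
        active[domain] = min(expiry, now + max_lifetime)
    return active

# Constructed sample input, not real configuration.
SAMPLE = [
    "# negative trust anchors",
    "NTA example.com Thu Apr 12 09:06:42 PDT 2012",
    "NTA forever.example Tue Jan 19 03:14:07 UTC 2038",   # 'end of epoch'
    "NTA old.example Tue Apr 10 09:06:42 PDT 2012",       # already expired
]

if __name__ == "__main__":
    now = datetime(2012, 4, 11, 16, 6, 42, tzinfo=timezone.utc)
    for name, expiry in sorted(load_ntas(SAMPLE, now).items()):
        print(name, expiry.astimezone(timezone.utc).isoformat())
```

The cap here is measured from load time, so every reload starts a new window; that is what the cron workaround in the message relies on.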