[dnsop] DOP #7: Signature validity and TTL text

Olaf M. Kolkman Mon, 13 Jun 2005 07:03:30 -0700

Also see thread starting at:
    http://darkwing.uoregon.edu/~llynch/dnsop/msg03465.html





Olaf was the last to respond to Ed's original query:
>
>
>>  #4.1.1  Time Considerations
>>  #
>>
>>  #   o  We suggest the signature publication period to be at least one
>>  #      maximum TTL smaller than the signature validity period.
>>  #         Resigning a zone shortly before the end of the signature
>>  #         validity period may cause simultaneous expiration of data from
>>  #         caches.  This in turn may lead to peaks in the load on
>>  #         authoritative servers.
>>
>>  This is confusing.
>>
>>  Are you suggesting that the publication period of a signature end at least
>>  one maximum TTL duration before the end of the signature's validity period?
>
>Yes, suggested rephrase:
>
>  o   We suggest the publication period of a signature end at least one
>      maximum TTL duration before the end of the signature's validity
>      period.
>
>          Resigning a zone shortly before the end of the signature
>          validity period may cause simultaneous expiration of data
>          from caches.  This in turn may lead to peaks in the load on
>          authoritative servers.
>


The proposed rephrase still stands.


--Olaf


---------------------------------| Olaf M. Kolkman
---------------------------------| RIPE NCC
---------------------------------| JID: olaf at jabber.secret-wg.org
.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html

[dnsop] DOP #7: Signature validity and TTL text

Reply via email to