Hi - On 22 Jun 2011, at 13:21, Gilles Massen wrote:
>> My logs regularly show them message "ZSK ... in use too long" as in >> example below. I thought this was a problem. A little investigation >> shows that this key has already been retired. >> So my conclusion is that everything is fine. > > I notice this regularly, and my conclusion is the same: no harm. Tt > seems that the auditor has a stricter interpretation of a key's > lifetime, and uses <Lifetime>, but the signed zones may contain > signatures up to <Lifetime>+<Validity>-<Refresh>. The auditor specification has been changed to add the signature validity period to the checks. This is reflected in svn trunk. Thanks, Alex._______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
