State diagram for DNSsec key lifecycle
Spain, Dr. Jeffry A.
spainj at countryday.net
Thu Feb 9 23:54:44 UTC 2012
> Please comment on this state diagram:
> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
For greater clarity, I suggest that for the state transitions (captions on the arrows), you refer specifically to the four metadata timestamps that are present in the keys: Publish, Activate, Inactive, and Delete, since these govern what bind does with the keys.
I think it would help also to add some information about how you will set the values for these timestamps when the keys are generated with dnssec-keygen.
You don't address the issue of key revocation, but perhaps that should wait for later.
Jeffry A. Spain
Network Administrator
Cincinnati Country Day School
More information about the bind-users
mailing list