State diagram for DNSsec key lifecycle
Axel Rau
Axel.Rau at chaos1.de
Sat Feb 11 10:33:02 UTC 2012
Am 10.02.2012 um 01:57 schrieb Mark Andrews:
> You don't submitt the initial DS until the KSK is active and any old
> state about the DNSKEY as clear caches. I recommend "activate" +
> "publish" at the same time.
I see. draft-ietf-dnsop-dnssec-key-timing-02 uses the term 'used for signing' as synonym for 'active' on page 22.
I will update the diagram.
Axel
---
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
More information about the bind-users
mailing list