State diagram for DNSsec key lifecycle
Axel Rau
Axel.Rau at Chaos1.DE
Tue Feb 14 15:33:48 UTC 2012
Am 13.02.2012 um 19:48 schrieb Axel Rau:
> ere is the next revision with comments from Mark and Jeff incorporated (same URL):
> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
> I'm still unsure about submitting the follow-up DS while its KSK not yet active.
> Please review carefully and comment. Simplifications are also welcome.
From state 'KSK2 active KSK1 inactive' to state 'DS1 retired from parent' the diagram shows a delay of MD.
Keeping the DS after inactivity of its KSK makes no sense to me.
What do you mean?
Axel
---
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
More information about the bind-users
mailing list