State diagram for DNSsec key lifecycle
Axel Rau
Axel.Rau at Chaos1.DE
Thu Feb 16 20:56:17 UTC 2012
Am 14.02.2012 um 16:33 schrieb Axel Rau:
>
> Am 13.02.2012 um 19:48 schrieb Axel Rau:
>
>> Here is the next revision with comments from Mark and Jeff incorporated (same URL):
>> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
>> I'm still unsure about submitting the follow-up DS while its KSK not yet active.
>> Please review carefully and comment. Simplifications are also welcome.
> From state 'KSK2 active KSK1 inactive' to state 'DS1 retired from parent' the diagram shows a delay of MD.
> Keeping the DS after inactivity of its KSK makes no sense to me.
>
> What do you mean?
Due to lack of input, I did a major rework of the diagram, based on NIST 800-81r1.
Axel
---
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
More information about the bind-users
mailing list