[dns-operations] [DNSSEC] Signature lifetime
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Jun 25 07:47:14 UTC 2010
On Thu, Jun 24, 2010 at 06:17:10AM -0400,
Olafur Gudmundsson <ogud at ogud.com> wrote
a message of 39 lines which said:
> Signature life time > Zone Expiry + signature refresh period
> Everything shorter is arguably irresponsible.
Some of the people who replied on this thread discussed the *minimum*
reasonable signature lifetime. But I was more interested by the
*maximum* (one entire year for ietf.org...). Any more thoughts on it?
More information about the dns-operations
mailing list