[dns-operations] [DNSSEC] Signature lifetime

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Jun 25 07:47:14 UTC 2010

On Thu, Jun 24, 2010 at 06:17:10AM -0400,
 Olafur Gudmundsson <ogud at ogud.com> wrote 
 a message of 39 lines which said:

> Signature life time > Zone Expiry + signature refresh period
> Everything shorter is arguably irresponsible.

Some of the people who replied on this thread discussed the *minimum*
reasonable signature lifetime. But I was more interested by the
*maximum* (one entire year for ietf.org...). Any more thoughts on it?

More information about the dns-operations mailing list