[dns-operations] Allowance for inaccurate clocks
Peter Koch
pk at DENIC.DE
Thu Mar 17 02:34:56 UTC 2011
On Wed, Mar 16, 2011 at 06:50:04PM -0400, Olafur Gudmundsson wrote:
> I agree with Mark, here 1 day in the past is a good time for signature
> initiation time.
while I cannot see a specific reason to be too strict with the inception
time, the logic re: clock fuzz would hold in the opposite direction, i.e.
whereever you'd have remaining RRSIG lifetimes of n days, you'd have to account
for n+1 days instead. Not sure I buy that.
-Peter
More information about the dns-operations
mailing list