DNSOP mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: dnsop <dnsop@cafax.se>
From: Miek Gieben <miekg@nlnetlabs.nl>
Date: Mon, 23 Oct 2000 14:06:42 +0200
Content-Disposition: inline
Sender: owner-dnsop@cafax.se
User-Agent: Mutt/1.2.5i
Subject: keysets at the registry

hi,

Were having the following problem.

I'm playing a registry, and for now i have 1 child: nlnetlabs.nl.nl.

The child want to be secure, so it sends a keyset to me.
That keyset contains the public key and a sig with
an expiration and inception time.

Now it is time for the registry to sign the key of nlnetlabs.nl.nl.
So i give the following command:
/nlnl/sbin/dnssec-signkey nlnetlabs.nl.nl.keyset ../Knl.nl.+001+26773.private 

This results in nlnetlabs.nl.nl.signedkey with the _same_ 
expiration and inception time as the original keyset.

When this sigs expires and the registry wants to resign the keyset, it
must get a new keyset from the child.

Is this really necessary? Why not only send a key to the registry?

grtz Miek
NLnet Labs

Follow-Ups:
- Re: keysets at the registry
  - From: Brian Wellington <Brian.Wellington@nominum.com>
- Re: keysets at the registry
  - From: Edward Lewis <lewis@tislabs.com>

Prev by Date: Re: DNSSEC and Parent SIG in Child zone
Next by Date: Re: keysets at the registry
Prev by thread: Re: DNSSEC and Parent SIG in Child zone
Next by thread: Re: keysets at the registry
Index(es):
- Date
- Thread

Home | Date list | Subject list