To:
Mark.Andrews@nominum.com
Cc:
"D. J. Bernstein" <djb@cr.yp.to>, ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From:
Mark.Andrews@nominum.com
Date:
Sat, 28 Jul 2001 17:45:03 +1000
In-reply-to:
Your message of "Sat, 28 Jul 2001 17:38:08 +1000." <200107280738.f6S7c8u63269@drugs.dv.isc.org>
Sender:
owner-dnsop@cafax.se
Subject:
Re: NGtrans - DNSext joint meeting, call for participation
Third time lucky ... > Dan, > your claim is that you have to re-sign every record in > a zone daily to achieve a 1 day replay window. I'm stating > that you can achieve the same protection without re-signing > every record daily. > > Pre change: > example.com KEY alpha > example.com SIG KEY expire=200107292257 (1 day) > host.example.com A 1.2.3.4 > host.example.com SIG A expire=200108272257 (30 days) > > Post change: > example.com KEY beta > example.com SIG KEY expire=200107072258 (1 day) This should have been example.com SIG KEY expire=200107292258 (1 day) > host.example.com A 1.2.3.5 > host.example.com SIG A expire=200108272258 (30 days) > > Please explain how you can verify > host.example.com A 1.2.3.4 > host.example.com SIG A expire=200108272257 > after 200107292257. > > Mark -- Mark Andrews, Nominum Inc. 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@nominum.com