On 14 Sep 2006, at 7:03 PM, bmanning@vacation.karoshi.com wrote:
as a suggestion, could you -please- put a date on the web page that indicates when the keys were generated or expected to be valid?
I agree the inception date to be very handy. But an expected end date has the danger that people will hard code such a thing into their scripts and that might prevent rolls just like the one we see now.

The minimal time they are to be valid would be OK. Then the script can take that as its TTL.

I would also like to point this community to draft-ietf-dnsext-trustupdate-timers which is very relevant in this context --in terms of a standardized method for automatic rollovers-- and is about to be last called.

[1] http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-trustupdate-timers/

---Olaf

-----------------------------------------------------------
Olaf M. Kolkman
NLnet Labs
http://www.nlnetlabs.nl/