nanog mailing list archives
Root and ARPA DNSSEC operational message -- signature validity period
From: "Wessels, Duane" <dwessels () verisign com>
Date: Tue, 30 Aug 2016 21:32:53 +0000
DNSSEC signatures in the Root and ARPA zones are currently given a validity period of 10 days. The validity period is being increased to 13 days, per the recommendations of RSSAC's Report on Root Zone TTLs [1] (aka RSSAC003). Note that we are not aware of any cases where the 10-day signature validity period has caused problems for DNSSEC validators. This is a precautionary measure designed to accommodate a worst-case scenario. This change will be implemented on September 6, 2016. Please feel free to contact us at RZM () verisign com with concerns or questions, and to forward this notice to others who may not have already received it. [1] https://www.icann.org/en/system/files/files/rssac-003-root-zone-ttls-21aug15-en.pdf DW
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Root and ARPA DNSSEC operational message -- signature validity period Wessels, Duane (Aug 30)