[Dnssec-deployment] Signed TLD status
Rickard Bellgrim
rickard.bellgrim at iis.se
Tue Sep 28 03:17:52 EDT 2010
On 28 sep 2010, at 05.43, Casey Deccio wrote:
> Proper TTL expiration is the only way to make sure obsolete RRsets are
> effectively flushed from caches, so they don't result in bogus
> validation.
Regarding all this discussion about the timing issues, I would recommend reading the following draft:
http://tools.ietf.org/html/draft-morris-dnsop-dnssec-key-timing-02
// Rickard
More information about the Dnssec-deployment
mailing list