[Dnssec-deployment] Signed TLD status

Rickard Bellgrim rickard.bellgrim at iis.se
Tue Sep 28 03:17:52 EDT 2010


On 28 sep 2010, at 05.43, Casey Deccio wrote:

> Proper TTL expiration is the only way to make sure obsolete RRsets are
> effectively flushed from caches, so they don't result in bogus
> validation.

Regarding all this discussion about the timing issues, I would recommend reading the following draft:
http://tools.ietf.org/html/draft-morris-dnsop-dnssec-key-timing-02

// Rickard



More information about the Dnssec-deployment mailing list