
Hi Olafje,

On 8/30/05, Olaf M. Kolkman <olaf@ripe.net> wrote:
http://www.ripe.net/rs/reverse/dnssec/registry-procedure.html
"Is the signature validity period close to expiring and are the Times To Live (TTLs) a reasonable fraction of the signature validity period?"
<snip> We currently test on the TTL being at least 2 times smaller than the signature validity period.
ok, ta, sounds "reasonable" to me.
I'm confused about this para on same page:
"It will use the "ds-rdata:" attribute of the domain object currently available in the RIPE Whois Database to select the appropriate default DNSKEY RR. It will then select a new "ds-rdata:" attribute."
How do you use the "currently available object" to create an object if this object doesn't exist until you create it?
That text applies to when a key rollover is being performed. During the initial upload the default is the DNSKEY RR with the SEP flag set.
Aha, sorry it wasn't clear to me at the time, it is now. Will it be clear to non-English speakers who try to follow the procedure? Maybe a mention of the key rollover would generate less confusion? <snip>
I hope this clarifies.
yes, thnx.

--
Greetz,
McTim
nic-hdl: TMCG
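
The TTL test discussed in this thread (TTL at least 2 times smaller than the signature validity period, plus a check for signatures close to expiring), written out as an added example; it is not part of the e-mail and not RIPE NCC's own tooling. The sample records, the 3-day expiry margin, the use of the larger of the record TTL and the RRSIG original-TTL field, and the result labels are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (not from the thread), RRSIG presentation format:
# owner TTL class RRSIG covered alg labels orig-ttl expiration inception keytag signer sig
SAMPLE_RRSIGS = [
    "example.net. 3600 IN RRSIG SOA 5 2 3600 20050930000000 20050831000000 12345 example.net. c2ln",
    "example.net. 1728000 IN RRSIG NS 5 2 1728000 20050930000000 20050831000000 12345 example.net. c2ln",
    "example.net. 3600 IN RRSIG DNSKEY 5 2 3600 20050902000000 20050803000000 12345 example.net. c2ln",
]


def parse_ts(value):
    """Parse the YYYYMMDDHHmmSS timestamp form used in RRSIG records (UTC)."""
    return datetime.strptime(value, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def check_rrsig(line, now, ratio=2, expiry_margin=timedelta(days=3)):
    """Return a list of problem labels for one RRSIG line (empty list = passes).

    ratio=2 is the figure quoted in the thread; expiry_margin is an assumed
    threshold for "close to expiring".
    """
    fields = line.split()
    if len(fields) < 13 or fields[3].upper() != "RRSIG":
        raise ValueError("not an RRSIG record in presentation format")

    # Assumption: judge the larger of the served TTL and the signed original TTL.
    ttl = max(int(fields[1]), int(fields[7]))
    expiration, inception = parse_ts(fields[8]), parse_ts(fields[9])
    validity = (expiration - inception).total_seconds()

    problems = []
    if validity <= 0:
        problems.append("bad-validity")      # expiration not after inception
    elif ttl * ratio > validity:
        problems.append("ttl-too-large")     # TTL is not `ratio` times smaller
    if now >= expiration:
        problems.append("expired")
    elif expiration - now < expiry_margin:
        problems.append("near-expiry")
    return problems


def check_all(lines, now):
    """Map each record's covered type to its list of problems."""
    return {line.split()[4]: check_rrsig(line, now) for line in lines}


if __name__ == "__main__":
    when = datetime(2005, 9, 1, tzinfo=timezone.utc)  # constructed "current" time
    for rtype, problems in check_all(SAMPLE_RRSIGS, when).items():
        print(rtype, problems or "ok")
```
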