Root and ARPA DNSSEC operational message -- signature validity period

• Previous message (by thread): IPv4 Broker
• Next message (by thread): Chinese root CA issues rogue/fake certificates
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

DNSSEC signatures in the Root and ARPA zones are currently given a validity
period of 10 days.  The validity period is being increased to 13 days, per
the recommendations of RSSAC's Report on Root Zone TTLs [1] (aka RSSAC003).

Note that we are not aware of any cases where the 10-day signature validity
period has caused problems for DNSSEC validators.  This is a precautionary
measure designed to accommodate a worst-case scenario.

This change will be implemented on September 6, 2016.  Please feel free
to contact us at RZM at verisign.com with concerns or questions, and to forward
this notice to others who may not have already received it.

[1] https://www.icann.org/en/system/files/files/rssac-003-root-zone-ttls-21aug15-en.pdf

DW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20160830/560f6944/attachment.sig>

• Previous message (by thread): IPv4 Broker
• Next message (by thread): Chinese root CA issues rogue/fake certificates
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]