ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

kasp: registration delay adjustments

Browse Source 
Registration delay is not part of the Iret retire interval, thus
removed from the calculation when setting the Delete time metadata.

Include the registration delay in prepublication time, because
we need to prepublish the key sooner than just the Ipub
publication interval.

(cherry picked from commit 50bbbb76a8)
This commit is contained in:
Matthijs Mekking
2020-05-04 12:30:40 +02:00
parent 48a265b2c7
commit 437ec25c0c
3 changed files with 33 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/tests/system/kasp/ns3/setup.sh
View File

@@ -263,6 +263,7 @@ $SIGNER -S -x -s now-1h -e now+2w -o $zone -O full -f $zonefile $infile > signer
# It is time to pre-publish the successor ZSK.
setup step2.zsk-prepub.autosign
# According to RFC 7583:
#
# Tpub(N+1) <= Tact(N) + Lzsk - Ipub
# Ipub = Dprp + TTLkey (+publish-safety)
#
@@ -364,6 +365,7 @@ $SIGNER -S -x -s now-1h -e now+2w -o $zone -O full -f $zonefile $infile > signer
# removed from the zone.
setup step4.zsk-prepub.autosign
# According to RFC 7583:
#
# Tret(N) = Tact(N) + Lzsk
# Tdea(N) = Tret(N) + Iret
#