Hello. Can you please confirm that my understanding of timings and
elements in kasp.xml for KskDoubleSignature is correct:
1. New KSK is generated and added to zone.
2. Wait Signatures/MaxZoneTTL for old DNSKEY RRSet to expire.
3. Publish new DS to parent zone.
4. Wait Parent/DS/TTL for old DS from parent zone to expire.
5. Remove old KSK from zone.
Is the sequence right and complete? Did I found sources for timings
correct?_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
