Root and ARPA DNSSEC operational message -- signature validity period
DNSSEC signatures in the Root and ARPA zones are currently given a validity period of 10 days. The validity period is being increased to 13 days, per the recommendations of RSSAC's Report on Root Zone TTLs [1] (aka RSSAC003). Note that we are not aware of any cases where the 10-day signature validity period has caused problems for DNSSEC validators. This is a precautionary measure designed to accommodate a worst-case scenario. This change will be implemented on September 6, 2016. Please feel free to contact us at RZM@verisign.com with concerns or questions, and to forward this notice to others who may not have already received it. [1] https://www.icann.org/en/system/files/files/rssac-003-root-zone-ttls-21aug15... DW
FYI, this work is now complete. DW
On Aug 30, 2016, at 2:32 PM, Wessels, Duane <dwessels@verisign.com> wrote:
DNSSEC signatures in the Root and ARPA zones are currently given a validity period of 10 days. The validity period is being increased to 13 days, per the recommendations of RSSAC's Report on Root Zone TTLs [1] (aka RSSAC003).
Note that we are not aware of any cases where the 10-day signature validity period has caused problems for DNSSEC validators. This is a precautionary measure designed to accommodate a worst-case scenario.
This change will be implemented on September 6, 2016. Please feel free to contact us at RZM@verisign.com with concerns or questions, and to forward this notice to others who may not have already received it.
[1] https://www.icann.org/en/system/files/files/rssac-003-root-zone-ttls-21aug15...
DW
participants (1)
-
Wessels, Duane