4.4 Signature Expiration, TTLs, and Validity
Connected: An Internet Encyclopedia
RFC 2065
4. The SIG Resource Record
Security aware servers must not consider SIG RRs to authenticate
anything after their expiration time and not consider any RR to be
authenticated after its signatures have expired. Within that
constraint, servers should continue to follow DNS TTL aging. Thus
authoritative servers should continue to follow the zone refresh and
expire parameters and a non-authoritative server should count down
the TTL and discard RRs when the TTL is zero. In addition, when RRs
are transmitted in a query response, the TTL should be trimmed so
that current time plus the TTL does not extend beyond the signature
expiration time. Thus, in general, the TTL on a transmitted RR
would be
min(sigExpTim,max(zoneMinTTL,min(originalTTL,currentTTL)))
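The trimming rule above, as an added example that is not part of the RFC text. It assumes sigExpTim in the formula means the seconds remaining until the SIG's absolute expiration time (per the sentence "current time plus the TTL does not extend beyond the signature expiration time"); the names SignedRR and transmit_ttl are hypothetical, and returning None for an expired signature is this example's way of marking the RR as no longer authenticated.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SignedRR:
    original_ttl: int    # TTL value covered by the signature
    current_ttl: int     # TTL as counted down in this server's cache
    sig_expiration: int  # absolute SIG expiration, seconds since the epoch


def transmit_ttl(rr: SignedRR, zone_min_ttl: int, now: int) -> Optional[int]:
    """TTL to place on the RR in a response, or None if it must not be
    presented as authenticated because its signature has expired."""
    if now > rr.sig_expiration:
        # After expiration the SIG authenticates nothing.
        return None
    # Assumption: sigExpTim is taken relative to the current time.
    sig_remaining = rr.sig_expiration - now
    # A cached TTL larger than the signed original TTL is never honored.
    aged = min(rr.original_ttl, rr.current_ttl)
    # The zone minimum raises a small TTL, but the signature lifetime
    # is applied last so it always wins.
    return min(sig_remaining, max(zone_min_ttl, aged))


if __name__ == "__main__":
    now = 1_000  # constructed clock value
    samples = {  # constructed records for illustration
        "signature outlives TTL": SignedRR(3600, 1800, now + 86_400),
        "signature expires first": SignedRR(3600, 1800, now + 600),
        "zone minimum vs. near expiry": SignedRR(3600, 60, now + 120),
        "signature already expired": SignedRR(3600, 1800, now - 1),
    }
    for label, rr in samples.items():
        print(f"{label}: {transmit_ttl(rr, zone_min_ttl=300, now=now)}")
```

Because the outer min is applied last, a large zone minimum TTL can never push a response past the signature's lifetime.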