On 4/12/21 5:54 AM, Salz, Rich wrote:
> Thanks for the explanation. I don't know enough DNSSEC to know if
> that's actually deployable, but okay
>
> You can tune down TTLs before the change, etc.
>
> The TTL is already a small number of seconds so that in the standard DNS case, they can switch within five seconds. Sounds to me that, as I thought, they will have to sign a TLSA record every five seconds. No?

Are you issuing new certificates every 5 seconds? If not, no.

Mike