Connected: An Internet Encyclopedia
7.5 Signature Lifetime

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 2065
Up: 7. Operational Considerations
Prev: 7.4 Key Lifetimes
Next: 7.6 Root

7.5 Signature Lifetime

7.5 Signature Lifetime

Signature expiration times must be set far enough in the future that it is quite certain that new signatures can be generated before the old ones expire. However, setting expiration too far into the future could, if bad data or signatures were ever generated, mean a long time to flush such badness.

It is recommended that signature lifetime be a small multiple of the TTL but not less than a reasonable re-signing interval.


Next: 7.6 Root

Connected: An Internet Encyclopedia
7.5 Signature Lifetime