Support key rollover in IANA trust anchors
Opened this issue · 0 comments
gnarea commented
Describe the problem
Trust anchors currently don't have a "validity period", which means that next time IANA initiates a key rollover and we include the new DS
RDATA in newer versions of this library, the old DS
may eventually remain valid past its expiry in apps running old versions of this library.
Describe the solution you'd like
Add optional inceptionDate
and expiryDate
fields to our TrustAnchor
, and use them:
dnssec-js/src/lib/TrustAnchor.ts
Lines 4 to 9 in ef0b795
Additional context
I don't think I've seen this feature in other DNSSEC implementations. dnsjava definitely doesn't support it.