28 Mar 2017, 8:06 p.m.
On Tue, Mar 28, 2017 at 01:18:57PM -0400, John Allen wrote:
> What would be a "good" TTL for TLSA records? Because of their use in validating encryption certs, etc., I assume that the shorter the better. I currently use 15 min, is this too long or too short?
The TTL is part of the DNS control plane and not strongly related to validity of the data (and neither is the DNSSEC signature lifetime, btw).
What threat or failure would suggest that 15 minutes was "too long"?
-Peter