To:
olaf@ripe.net (Olaf M. Kolkman)
Cc:
bmanning@isi.edu, scottr@antd.nist.gov, dnssec@cafax.se
From:
Bill Manning <bmanning@isi.edu>
Date:
Mon, 21 Oct 2002 09:10:56 -0700 (PDT)
In-Reply-To:
<20021010152711.5bd51f3f.olaf@ripe.net> from "Olaf M. Kolkman" at "Oct 10, 2 03:27:11 pm"
Sender:
owner-dnssec@cafax.se
Subject:
Re: root zone signing and key lengths/lifetimes
% % > we are using a key signing key with a validity period of 12 months % > and zone signing keys of 30 days in the testbed. % % % I hope that the signing validity periods will be made smaller by at % least a factor 3-4. % % I wonder if 3 months for key and a week for zone signing signature % validity intervals would be feasible for the root. % % --Olaf how often can we roll the key in the endsystems? perhaps now is the time to revise the rollover draft we talked about so many months ago. -- --bill