[Opendnssec-develop] Proposed KASP changes for 1.4/trunk

Jakob Schlyter jakob at kirei.se
Tue Apr 17 13:04:24 UTC 2012


I think we should consider increasing the default signature lifetime to 14 days and the ZSK lifetime to 90 days.

What say you?

	jakob


Index: kasp.xml.in
===================================================================
--- kasp.xml.in	(revision 6260)
+++ kasp.xml.in	(working copy)
@@ -21,8 +21,8 @@
 			<Resign>PT2H</Resign>
 			<Refresh>P3D</Refresh>
 			<Validity>
-				<Default>P7D</Default>
-				<Denial>P7D</Denial>
+				<Default>P14D</Default>
+				<Denial>P14D</Denial>
 			</Validity>
 			<Jitter>PT12H</Jitter>
 			<InceptionOffset>PT3600S</InceptionOffset>
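Review bot: In the Validity block, Default and Denial go to P14D while the Refresh context line just above stays at P3D, so signatures are still only replaced once they are within three days of expiry. The worst-case time a stalled signer can be down before signatures start expiring is therefore not extended by this change alone. If more operational slack is the goal, Refresh should be reviewed together with Validity. A longer validity also means a signature over a changed or removed record stays replayable for up to 14 days instead of 7. A short comment in kasp.xml.in giving the reasoning behind the new default would help operators who copy it.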
@@ -58,7 +58,7 @@
 			<!-- Parameters for ZSK only -->
 			<ZSK>
 				<Algorithm length="1024">8</Algorithm>
-				<Lifetime>P30D</Lifetime>
+				<Lifetime>P90D</Lifetime>
 				<Repository>SoftHSM</Repository>
 				<!-- <ManualRollover/> -->
 			</ZSK>
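Review bot: The ZSK Lifetime moves to P90D, but the Algorithm context line directly above still specifies a 1024-bit key for algorithm 8 (RSASHA256), so the same short key now stays in service three times as long. Either revisit the key length in the same change or add a comment next to Lifetime stating that 90 days is considered acceptable for a 1024-bit ZSK, so the trade-off is visible to anyone adopting the default policy.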

-- 
Jakob Schlyter
Kirei AB - http://www.kirei.se/



