[Opendnssec-develop] Proposed KASP changes for 1.4/trunk
Matthijs Mekking
matthijs at nlnetlabs.nl
Tue Apr 17 13:07:50 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yes.
On 04/17/2012 03:04 PM, Jakob Schlyter wrote:
> I think we should consider increasing the default signature
> lifetime to 14 days and the ZSK lifetime to 90 days.
>
> What say you?
>
> jakob
>
>
> Index: kasp.xml.in
> ===================================================================
>
>
- --- kasp.xml.in (revision 6260)
> +++ kasp.xml.in (working copy) @@ -21,8 +21,8 @@
> <Resign>PT2H</Resign> <Refresh>P3D</Refresh> <Validity> -
> <Default>P7D</Default> - <Denial>P7D</Denial> +
> <Default>P14D</Default> + <Denial>P14D</Denial> </Validity>
> <Jitter>PT12H</Jitter> <InceptionOffset>PT3600S</InceptionOffset>
> @@ -58,7 +58,7 @@ <!-- Parameters for ZSK only --> <ZSK> <Algorithm
> length="1024">8</Algorithm> - <Lifetime>P30D</Lifetime> +
> <Lifetime>P90D</Lifetime> <Repository>SoftHSM</Repository> <!--
> <ManualRollover/> --> </ZSK>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPjWskAAoJEA8yVCPsQCW5H7wH/2ktWYHgNxe8Ly9FHoExOSMG
ERsHYE92zd/BZtiWpfmKq2nXll5UEeHbCcYUSmMTllpbcxKPUhveAZUGKYGjZfIq
Z7QvnnJSqhh5xk2aOWteN0M1izwpG/3OTrD/EPJi1cqWb6ZjGZxIqyoNCQwMfLOm
mqHdNixjlIMP9j+zFKEEuCeqnTMFWAJX9gTtmvAu7OK/6XBgZB9l5In32aH9H+Kv
D6OaHN8GEmWMjT1g47s5jveqFOEF3eyn74ts457iY46SW7nAwWZ116PcjZr6lz6D
jgBPD7MOUno8GQdkv8AF7A9v9wjaVUySm3M6RdY2TiX+RYkk1cEih6hK0/3R+78=
=qbEB
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list