On Tue, 23 Feb 2010, Alan Clegg wrote:

For the record, NIST recommends to roll the ZSK every three months, and
the KSK every two years.

And there are lots of other opinions on this timing as well.

Note that you cannot really talk about rolling key recommendations without
mentioning the key sizes (and algorithms) involved.

I believe the above NIST recommendation is for 1024 bit RSASHA1 ZSK's
and 2048 bit RSASHA1 2048 bit keys. They might also apply to RSASHA256 keys.

bind-users mailing list

Reply via email to