> Date: Tue, 23 Feb 2010 16:02:27 -0500 > From: Alan Clegg <acl...@isc.org> > Sender: bind-users-bounces+oberman=es....@lists.isc.org > > Nicholas Wheeler wrote: > > On Tue, 2010-02-23 at 23:40 +0300, Eugene Crosser wrote: > >> (Well, for now the plan is to do it once a year by hand. Then, we'll > >> see...) > > > > For the record, NIST recommends to roll the ZSK every three months, and > > the KSK every two years.
My copy of SP800-81r1 says ZSK 1 month and KSK 1-2 years. It also recommends a 2048 bit key for both KSK and ZSK. It was still draft when I printed it out, but I suspect that the final draft will match these recommendations. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
