Again, I don't feel strongly about this, but I don't really find this very convincing.
Presumably there are all sorts of other credentials that control access to the ZSK (e.g., administrator SSH private keys, root passwords, etc.) Do you also propose to roll all of these every month? If not, why not? -Ekr On Thu, Jan 21, 2010 at 1:19 PM, David Conrad <d...@virtualized.org> wrote: > On Jan 21, 2010, at 1:14 PM, Edward Lewis wrote: >> Perhaps monthly rolls aren't needed for crypto-sake, but the more apparent >> this is the more apparent we need regular rolls for operations-sake. > > Thanks. > > While I might agree that _theoretically_ longer keys and/or better algorithms > removes or at least reduces the need to do frequent roles, the operational > reality empirically proven in a variety of fields is that if you don't > exercise stuff, it is going to break when you need it. > > Regards, > -drc > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop