subject:"\[Freeipa\-devel\] \[PATCH 0249\] DNSSEC\: update kasp configuration template\: increase key size lifetime"

Re: [Freeipa-devel] [PATCH 0249] DNSSEC: update kasp configuration template: increase key size & lifetime

2015-05-19 Thread Jan Cholasta

Dne 15.5.2015 v 13:33 Martin Basti napsal(a): On 15/05/15 13:12, Petr Spacek wrote: On 14.5.2015 17:23, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4657 Looking at 3072 bit key size, I think we can prolong KSK key rotation period to 2 years. It should be okay according to http

Re: [Freeipa-devel] [PATCH 0249] DNSSEC: update kasp configuration template: increase key size & lifetime

2015-05-15 Thread Martin Basti

On 15/05/15 13:12, Petr Spacek wrote: On 14.5.2015 17:23, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4657 Looking at 3072 bit key size, I think we can prolong KSK key rotation period to 2 years. It should be okay according to http://dx.doi.org/10.6028/NIST.SP.800-81-2 section

Re: [Freeipa-devel] [PATCH 0249] DNSSEC: update kasp configuration template: increase key size & lifetime

2015-05-15 Thread Petr Spacek

On 14.5.2015 17:23, Martin Basti wrote: > https://fedorahosted.org/freeipa/ticket/4657 Looking at 3072 bit key size, I think we can prolong KSK key rotation period to 2 years. It should be okay according to http://dx.doi.org/10.6028/NIST.SP.800-81-2 section 11.2. Modified patch is attached. Tha