This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] Re: KSK lifetimes
- Previous message (by thread): [dns-wg] KSK lifetimes
- Next message (by thread): [dns-wg] Re: KSK lifetimes
Anand Buddhdev
anandb at ripe.net
Fri Feb 5 17:26:38 CET 2010
On 05/02/2010 15:58, Jim Reid wrote:

> What I do think would be helpful is a document explaining how the
> eventual parameters were chosen and the trade-offs/thinking that went
> into those choices. This is needed for DNSSEC generally as well as for
> the root zone and the NCC's bits of the .arpa tree.

The RIPE NCC was an early adopter of DNSSEC way back in 2005, and at the time, there was very little operational experience. It was important to exercise the various processes, including key roll-overs. A relatively short roll-over period of 6 months allowed us to invoke our roll-over procedures more frequently. This is especially important as some of our processes are still manual.

Things are a bit different now. DNSSEC toolsets have improved, and there are both commercial and open-source products available to handle a lot of the heavy-lifting needed to maintain DNSSEC-signed zones. It would probably be okay to have longer key lifetimes now.

Regards,

Anand Buddhdev,
DNS Services Manager, RIPE NCC