DNSSEC intervals
John
john at klam.ca
Sun Jan 18 20:32:02 CET 2015
I have been tying to find out if there are any recommendations about the
various intervals in a keys life, e.g. how long between publication and
activation? Ditto for activation to inactivation? Ditto for inactivation
to deletion?
I Googled it, but the info out there is not very helpful;
Microsoft; 7 - 7300 days (recommends 755 days) for KSK and 7 to 1875
days (recommends 90 days) for ZSK.
ENISA 365-1460 days (recommends 1 yr) KSK, 1 yr for ZSK
NIST 1 - 2 yrs for KSK, 1 - 3 m for ZSK.
Plus a lot of other recommendations ranging from 1 to 5yrs for KSK and
from 14 days to 2 yrs for ZSK.
I am currently think along the lines of 90 days from Creation to
Deletion with active life of 30 days for ZSKs. 420 days from Creation to
Deletion with an active life of 360 days for KSKs.
Are these reasonable?
Plus, what are the "names" for the various intervals, there does not
seem to be a consistent naming convention, the various points in the
timeline seem to have fairly standard names but not intervals.
What is the period from creation to publication called? ditto
publication to activation, activation to inactivation, inactivation to
deletion?
--
John Allen
KLaM
------------------------------------------
You are off the edge of the map, mate. Here there be monsters!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4268 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150118/d0141907/attachment.bin>
More information about the dane-users
mailing list