On Sun, 2011-10-16 at 12:13 +0100, Phil Mayers wrote: > On 10/15/2011 08:32 PM, Mark Elkins wrote: > > > > So what you are saying in practical terms is in order to migrate from > > RSASHA1 to RSASHA256, wait for the next needed creation of a ZSK (which > > cycle once a year) and then at exactly the same time start using > > RSASHA256 on the KSK's (which cycle every month) - making any existing > > Why are you rotating your KSK monthly, but your ZSK yearly? That's the > wrong way round, surely?
*blush* - Yes. Should check what I write more closely. KSK about once a year and ZSK about once a month is more or less what I really do. -- Mark Elkins <m...@posix.co.za> Posix Systems
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
