At 11:46 AM +0000 9/29/08, [EMAIL PROTECTED] wrote:
 your selection of 12-13 months and 25 years are suspect. Can you provide
 the underlying bias for these timeframes?

The 12 month timeframe was adopted from the current 4641. I assume that this WG decided that, if you want to do rollovers to keep operational experience fresh in mind, that was the right period. Seems reasonable to me.

The 25 years is based on experience from the web CA field, where the trust anchors are likely to be protected with the same tools as those that 4641 suggests for high-value trust anchors for DNSSEC. As Wes pointed out, I conflated "25 years" and "never", which was a mistake. I like his replacement of "...effective longer than most operational environments exist without change", and 25 years seems to be a reasonable guess at that.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
