On Oct 7, 2009, at 2:44 PM, Eric Rescorla wrote:
>> From this perspective we might roll a ZSK more frequently than a KSK because the ZSK needs to be stored on-line to facilitate re-signing when the zone changes. With the KSK we have the option of keeping it off-line, and arguably the risk of compromise is consequently lower. Regular testing of the machinery is still important, however.
>
> Again, this seems like an argument for the ZSK/KSK split, which I'm not really arguing against (I haven't developed an opinion). My argument is purely against generating a new ZSK every time you sign it with the KSK. I don't think that provides much security benefit and certainly does have plenty of room for error.
Aha, I agree, FWIW there is no such requirement/suggestion in 4641 or 4641 bis.
--Olaf
________________________________________________________
Olaf M. Kolkman
NLnet Labs
Science Park 140, 1098 XG Amsterdam
http://www.nlnetlabs.nl/
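The split the thread takes for granted is that the KSK signs only the DNSKEY RRset while the ZSK signs everything else. The following script is an added example, not part of the thread or of any NLnet Labs tool: it classifies DNSKEY records by the SEP flag, computes key tags per RFC 4034 Appendix B, and checks a set of RRSIG key-tag references against that policy. All keys and signatures are constructed inline (the four-byte "public keys" are placeholders, not real key material), and the names DNSKey, RRSig and check_signing_policy are this example's own.

```python
"""Classify DNSKEY records as KSK/ZSK and check which key signed what.

Added example for the ZSK/KSK discussion; records below are constructed.
Key tag computation follows RFC 4034 Appendix B (general case, i.e. not
the special rule for algorithm 1).
"""
import struct
from dataclasses import dataclass

SEP_FLAG = 0x0001  # Secure Entry Point bit: set on a KSK (flags 257), clear on a ZSK (256)


@dataclass
class DNSKey:
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes  # placeholder bytes in this example, not a real key

    def rdata(self) -> bytes:
        # DNSKEY wire format: flags (16 bits), protocol (8), algorithm (8), public key
        return struct.pack("!HBB", self.flags, self.protocol, self.algorithm) + self.public_key

    def key_tag(self) -> int:
        # RFC 4034 Appendix B: sum even-offset bytes shifted left 8, odd-offset bytes as-is,
        # fold the carry, keep the low 16 bits
        ac = 0
        for i, b in enumerate(self.rdata()):
            ac += (b << 8) if i % 2 == 0 else b
        ac += (ac >> 16) & 0xFFFF
        return ac & 0xFFFF

    def role(self) -> str:
        return "KSK" if self.flags & SEP_FLAG else "ZSK"


@dataclass
class RRSig:
    type_covered: str  # RR type the signature covers, e.g. "DNSKEY" or "A"
    key_tag: int       # key tag field of the RRSIG


def check_signing_policy(keys, rrsigs):
    """Return policy violations: the DNSKEY RRset must be signed by a KSK,
    every other RRset by a ZSK. An empty list means the split is respected."""
    by_tag = {k.key_tag(): k for k in keys}
    problems = []
    for sig in rrsigs:
        key = by_tag.get(sig.key_tag)
        if key is None:
            problems.append(f"RRSIG over {sig.type_covered} references unknown key tag {sig.key_tag}")
            continue
        expected = "KSK" if sig.type_covered == "DNSKEY" else "ZSK"
        if key.role() != expected:
            problems.append(
                f"RRSIG over {sig.type_covered} made by {key.role()} tag {sig.key_tag}, expected {expected}"
            )
    return problems


# Constructed sample zone: one KSK (257) and one ZSK (256), algorithm 8, placeholder key bytes.
KSK = DNSKey(flags=257, protocol=3, algorithm=8, public_key=b"\x01\x02\x03\x04")
ZSK = DNSKey(flags=256, protocol=3, algorithm=8, public_key=b"\x01\x02\x03\x04")
KEYS = [KSK, ZSK]

# Signatures as the split intends: KSK over DNSKEY, ZSK over the zone's A records.
GOOD_RRSIGS = [RRSig("DNSKEY", KSK.key_tag()), RRSig("A", ZSK.key_tag())]
# A zone that signs A records with the (supposedly offline) KSK, plus a dangling key tag.
BAD_RRSIGS = [RRSig("DNSKEY", KSK.key_tag()), RRSig("A", KSK.key_tag()), RRSig("MX", 9999)]


def run_example():
    return {
        "ksk_tag": KSK.key_tag(),
        "zsk_tag": ZSK.key_tag(),
        "good": check_signing_policy(KEYS, GOOD_RRSIGS),
        "bad": check_signing_policy(KEYS, BAD_RRSIGS),
    }


if __name__ == "__main__":
    for name, value in run_example().items():
        print(f"{name}: {value}")
```

Key tags are 16-bit and can collide between keys in one zone, so a real validator resolves an RRSIG by trying every DNSKEY with the matching tag and algorithm; this example keys the lookup by tag alone for brevity. The check is also purely about the role split; it does nothing about rollover timing, which is the part of the thread under dispute.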
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
