As a matter of fact, a lot of the security credentials (SSH keys,
passwords, etc.) are rolled on a regular basis already, as part of
institutional security policies.
But I think a point has been missed - the roll of keys on a periodic
basis is needed to *exercise the activity* if not achieve a higher
level of security.
At 13:26 -0800 1/21/10, Eric Rescorla wrote:
> Again, I don't feel strongly about this, but I don't really find this
> very convincing.
> Presumably there are all sorts of other credentials that control access to the
> ZSK (e.g., administrator SSH private keys, root passwords, etc.) Do you also
> propose to roll all of these every month? If not, why not?
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction.