On Jan 21, 2010, at 1:42 PM, Edward Lewis wrote: >> Presumably there are all sorts of other credentials that control access to >> the >> ZSK (e.g., administrator SSH private keys, root passwords, etc.) Do you also >> propose to roll all of these every month? If not, why not? ... > But I think a point has been missed - the roll of keys on a periodic basis is > needed to *exercise the activity* if not achieve a higher level of security.
+1 Fixing secretly compromised ZSKs is a side benefit. Regards, -drc _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
