On Wed, 15 Jun 2005 10:55:42 +0100 Ben Laurie <[EMAIL PROTECTED]> wrote:
> > > One thing that hasn't been noted, as far as I can see, is that there's > not much point having a key longer than your parent's key. > Good catch... Thanks > Or, to turn it on its head, if you want to use a key of size K, then you > should make sure your parent signs it with a key of size K or larger. > The exception here would be the folk that also use this key as a trust-anchor locally. Then local policy may want to dictate a longer key than the parents. -- Olaf ---------------------------------| Olaf M. Kolkman ---------------------------------| RIPE NCC ---------------------------------| JID: olaf at jabber.secret-wg.org . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
