[Freeipa-devel] [PATCH 0249] DNSSEC: update kasp configuration template: increase key size & lifetime
Martin Basti
mbasti at redhat.com
Fri May 15 11:33:01 UTC 2015
On 15/05/15 13:12, Petr Spacek wrote:
> On 14.5.2015 17:23, Martin Basti wrote:
>> https://fedorahosted.org/freeipa/ticket/4657
> Looking at 3072 bit key size, I think we can prolong KSK key rotation period
> to 2 years.
>
> It should be okay according to http://dx.doi.org/10.6028/NIST.SP.800-81-2
> section 11.2.
>
> Modified patch is attached.
>
> Thank you for reviewing it :-)
>
ACK
--
Martin Basti
More information about the Freeipa-devel
mailing list