5 Feb
2010
5 Feb
'10
5:33 p.m.
On Fri, 5 Feb 2010, Anand Buddhdev wrote:
Things are a bit different now. DNSSEC toolsets have improved, and there are both commercial and open-source products available to handle a lot of the heavy-lifting needed to maintain DNSSEC-signed zones. It would probably be okay to have longer key lifetimes now.
I think the suggestion was to extend the current keys until July, so that the next rollover would be "covered" by the signed root. Paul