On Tue, Jan 27, 2015 at 05:30:26PM -0500, John wrote:
NO. I'm recommending signature lifetimes of ~7 days for sites with the operational capacity to keep everything current on a tight schedule. This way, signatures of stale records expire quickly.
I am still not quite sure what you mean. I have a sneaky feeling that we are talking about two different things. My DNSKEYs have a life of about 60 days, which is what I thought you were talking about.
I am NOT talking about key lifetimes. I am talking about signature lifetimes.
However, if I look a little closer I see that my RRSIG has a life of about 30 days. I don't remember specifying any times when I signed my zones, plus I am now using inline signing.
That's what I'm talking about. The 30 day lifetime is likely a default if you don't override it. It is likely best to leave it that way, unless you have stricter security requirements and the operational capability to work within a more narrow expiration window.
Likewise, keep the crypto settings mainstream. Having keys "more secure" than the root and/or your parent domain's makes no sense.
There are no security proofs for fundamental crypto primitives other than the ever impractical one-time pad. Everything else is at best a reasonable trade-off. At this point in time RSA 2048 is a reasonable trade-off. Stronger RSA keys for DNSSEC are not reasonable, and ECC is for now not sufficiently interoperable and the best curve choices are about to change.
So I think it is fair to say that at present best practice is to use a 2048-bit algorithm 8 KSK, and either a 2048-bit or even a 1024-bit (rotated periodically to suit your taste) algorithm 8 ZSK.
Anything more exotic is likely counter-productive.
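As an added check written for this note (not code from anyone in the thread), a small Python audit that parses DNSKEY records for the algorithm and RSA modulus size (RFC 3110 encoding) and RRSIG timestamps for the validity window and time to expiry, against the settings discussed above. The zone records are constructed, the key material is synthetic, and the 7-day re-sign warning threshold is an assumption taken from the ~7 day lifetime mentioned earlier.

```python
import base64
from datetime import datetime, timedelta, timezone

def fake_rfc3110_key(modulus_bits):
    """Constructed RSA public key in RFC 3110 wire format (not a real key)."""
    exponent = (65537).to_bytes(3, "big")
    modulus = b"\x80" + b"\x00" * (modulus_bits // 8 - 1)  # top bit set
    return base64.b64encode(bytes([len(exponent)]) + exponent + modulus).decode()

# Constructed zone snippet: algorithm 8 KSK (2048-bit), algorithm 8 ZSK (1024-bit)
# and one RRSIG with the 30-day default window; the signature field is a placeholder.
SAMPLE_ZONE = [
    f"example.test. 3600 IN DNSKEY 257 3 8 {fake_rfc3110_key(2048)}",
    f"example.test. 3600 IN DNSKEY 256 3 8 {fake_rfc3110_key(1024)}",
    "example.test. 3600 IN RRSIG A 8 2 3600 20150226173000 20150127173000 "
    "12345 example.test. AAAA",
]
MIN_BITS = {"KSK": 2048, "ZSK": 1024}  # the floor the thread settles on

def rsa_modulus_bits(pubkey_b64):
    """Modulus size of an RFC 3110 encoded RSA DNSKEY (algorithms 5, 7, 8, 10)."""
    raw = base64.b64decode(pubkey_b64)
    exp_len, offset = raw[0], 1
    if exp_len == 0:  # exponents longer than 255 bytes use a 2-byte length
        exp_len, offset = int.from_bytes(raw[1:3], "big"), 3
    return int.from_bytes(raw[offset + exp_len:], "big").bit_length()

def parse_ts(s):
    """RRSIG inception/expiration are YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def audit(records, now, max_window_days=30, resign_days=7):
    """Flag keys outside the mainstream settings and signatures near expiry."""
    findings = []
    for rec in records:
        f = rec.split()
        if f[3] == "DNSKEY":
            role = "KSK" if int(f[4]) & 1 else "ZSK"  # SEP flag bit marks the KSK
            alg = int(f[6])
            if alg != 8:
                findings.append(f"{role}: algorithm {alg}, expected 8")
            elif (bits := rsa_modulus_bits(f[7])) < MIN_BITS[role]:
                findings.append(f"{role}: {bits} bits < {MIN_BITS[role]}")
        elif f[3] == "RRSIG":
            expires, inception = parse_ts(f[8]), parse_ts(f[9])
            if (expires - inception).days > max_window_days:
                findings.append(f"RRSIG {f[4]}: {(expires - inception).days}-day window")
            if expires - now < timedelta(days=resign_days):
                findings.append(f"RRSIG {f[4]}: expires in {(expires - now).days} days")
    return findings
```

Run `audit(SAMPLE_ZONE, parse_ts("20150222000000"))` to see the sample RRSIG flagged four days before its expiration; with a clock well inside the window the sample zone produces no findings.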