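<?xml version="1.0" encoding="UTF-8"?>
<!--
  Human-readable report of a DNSSEC Key and Signature Policy (KASP) named
  "default". The field names match an OpenDNSSEC-style kasp.xml; confirm the
  generator before relying on that.

  Markup changes in this revision:
    * xmlns now names the real XHTML namespace. The previous value
      (http://www.w3.org/TR/xhtml1/strict) is not a namespace XML-aware
      consumers recognise as XHTML.
    * Label cells are row headers (th scope="row") so assistive technology can
      pair each value with its label.
    * The KSK and ZSK rows sit in their own tbody, each with a group header.
    * The empty KSK "Number of Standby Keys" cell is written with an explicit
      end tag so it parses the same way as XML and as text/html.
  No policy value was changed. The "Review note" comments flag settings a
  DNSSEC operator should confirm.
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>KASP</title>
<style type="text/css">
th.tag { background-color: #dddddd; width: 5cm; text-align: left; font-weight: normal; }
th.group { text-align: left; }
td.value { width: 10cm; }
</style>
</head>
<body>
<h1>KASP: Key and Signature Policy</h1>
<h2>Policy: default</h2>
<p><small>LPNZ policy</small></p>

<h3>Signatures</h3>
<!--
  Review note: the validity period (7 days) is also the replay window. A
  captured RRSIG stays verifiable until it expires, even after the record has
  been changed or removed. Signatures are renewed once they come within the
  Refresh interval (3 days) of expiry, so that is roughly how long a failed
  signer can go unnoticed before validators start rejecting the zone. Jitter
  shifts individual expiry times, so alert well before that margin is used up.
  The inception offset backdates signatures to tolerate validator clock skew.
-->
<table>
  <tr><th class="tag" scope="row">Resign</th><td class="value">2 hours</td></tr>
  <tr><th class="tag" scope="row">Refresh</th><td class="value">3 days</td></tr>
  <tr><th class="tag" scope="row">Validity Default</th><td class="value">7 days</td></tr>
  <tr><th class="tag" scope="row">Validity NSEC/NSEC3</th><td class="value">7 days</td></tr>
  <tr><th class="tag" scope="row">Jitter</th><td class="value">12 hours</td></tr>
  <tr><th class="tag" scope="row">Inception Offset</th><td class="value">3600 seconds</td></tr>
</table>

<h3>Denial of Existence</h3>
<!--
  Review note: plain NSEC links every owner name to the next one, so anyone
  who can query the zone can enumerate its full contents. That is acceptable
  only if every name in the zone is treated as public. NSEC3 raises the cost of
  enumeration but does not prevent offline guessing of hashed names.
-->
<table>
  <tr><th class="tag" scope="row">Method</th><td class="value">NSEC</td></tr>
</table>

<h3>Key Parameters</h3>
<!--
  Review note (ZSK algorithm): 1024-bit RSA is below the 2048-bit minimum that
  current guidance (for example NIST SP 800-131A) sets for RSA signatures. The
  30-day lifetime narrows the exposure but does not remove it. Prefer a
  2048-bit ZSK, or move both keys to ECDSAP256SHA256 as RFC 8624 recommends
  for new deployments, after checking response sizes and parent/registrar
  support.

  Review note (repositories): the names SoftHSM-KSK and SoftHSM-ZSK suggest
  software PKCS#11 tokens. If so, the private keys are protected only by host
  file permissions and the token PIN, not by hardware. Confirm where the token
  files live, who can read them, and how they are backed up.

  Review note (KSK standby keys): the value is blank in this report, and it is
  not clear from here whether that means zero or "not set". Without a
  pre-generated standby KSK, an emergency rollover has to wait for a new key
  and a new DS at the parent.
-->
<table>
  <tbody>
    <tr><th class="tag" scope="row">TTL</th><td class="value">3600 seconds</td></tr>
    <tr><th class="tag" scope="row">Retire Safety</th><td class="value">3600 seconds</td></tr>
    <tr><th class="tag" scope="row">Publish Safety</th><td class="value">3600 seconds</td></tr>
    <tr><th class="tag" scope="row">Share Keys?</th><td class="value">No</td></tr>
    <tr><th class="tag" scope="row">Purge dead keys after</th><td class="value">14 days</td></tr>
  </tbody>
  <tbody>
    <tr><th class="group" colspan="2" scope="rowgroup">KSK</th></tr>
    <tr><th class="tag" scope="row">Algorithm</th><td class="value">RSA/SHA-256, 2048 bits</td></tr>
    <tr><th class="tag" scope="row">Lifetime</th><td class="value">2 years</td></tr>
    <tr><th class="tag" scope="row">Repository</th><td class="value">SoftHSM-KSK</td></tr>
    <!-- Value is empty in the source report; left empty rather than guessed. -->
    <tr><th class="tag" scope="row">Number of Standby Keys</th><td class="value"></td></tr>
    <tr><th class="tag" scope="row">Manual Rollover?</th><td class="value">No</td></tr>
    <tr><th class="tag" scope="row">Use RFC5011?</th><td class="value">No</td></tr>
  </tbody>
  <tbody>
    <tr><th class="group" colspan="2" scope="rowgroup">ZSK</th></tr>
    <tr><th class="tag" scope="row">Algorithm</th><td class="value">RSA/SHA-256, 1024 bits</td></tr>
    <tr><th class="tag" scope="row">Lifetime</th><td class="value">30 days</td></tr>
    <tr><th class="tag" scope="row">Repository</th><td class="value">SoftHSM-ZSK</td></tr>
    <tr><th class="tag" scope="row">Number of Standby Keys</th><td class="value">1</td></tr>
    <tr><th class="tag" scope="row">Manual Rollover?</th><td class="value">No</td></tr>
  </tbody>
</table>

<h3>Zone Parameters</h3>
<table>
  <tr><th class="tag" scope="row">Propagation Delay</th><td class="value">43200 seconds</td></tr>
  <tr><th class="tag" scope="row">SOA TTL</th><td class="value">3600 seconds</td></tr>
  <tr><th class="tag" scope="row">SOA Minimum</th><td class="value">3600 seconds</td></tr>
  <tr><th class="tag" scope="row">SOA Serial Format</th><td class="value">YYYYMMDDnn (Date + 2-Digit-Counter)</td></tr>
</table>

<h3>Parent Parameters</h3>
<!--
  Review note: a propagation delay of 9999 seconds looks like a placeholder
  rather than a measured value. These parent figures presumably feed the
  KSK/DS rollover timing, so check them against the real parent zone. Values
  that are too small risk withdrawing a key while resolvers still hold the old
  DS in cache.
-->
<table>
  <tr><th class="tag" scope="row">Propagation Delay</th><td class="value">9999 seconds</td></tr>
  <tr><th class="tag" scope="row">DS TTL</th><td class="value">3600 seconds</td></tr>
  <tr><th class="tag" scope="row">SOA TTL</th><td class="value">172800 seconds</td></tr>
  <tr><th class="tag" scope="row">SOA Minimum</th><td class="value">10800 seconds</td></tr>
</table>

</body>
</html>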