Date: Mon, 13 Nov 2017 16:07:35 -0500
From: Viktor Dukhovni <freebsd@dukhovni.org>
To: freebsd-net@freebsd.org
Subject: Re: chroot implementation of bind and kea
Message-ID: <A9A7FCC9-93CA-46D5-A753-1FDFA81F056B@dukhovni.org>
In-Reply-To: <5A0A084C.2000703@quip.cz>
References: <DB6PR1001MB1238A4081466628B372B5176BB2B0@DB6PR1001MB1238.EURPRD10.PROD.OUTLOOK.COM> <EE1C2891-A2C5-4CA8-9AD3-1C83DB5CB069@dukhovni.org> <5A0A084C.2000703@quip.cz>

> On Nov 13, 2017, at 4:02 PM, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> I think keys can be updated by updating the port or by some dedicated
> periodic script. It seems safer to me.

In theory it may be safer. In practice, it tends to not happen in a
timely manner, leading to outages. Automated RFC 5011 key rollover is
a necessity. The package needs to support it by default.

--
Viktor.