[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-net
Subject: Re: chroot implementation of bind and kea
From: Viktor Dukhovni <freebsd () dukhovni ! org>
Date: 2017-11-13 21:07:35
Message-ID: A9A7FCC9-93CA-46D5-A753-1FDFA81F056B () dukhovni ! org
[Download RAW message or body]
> On Nov 13, 2017, at 4:02 PM, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> I think keys can be updated by updating the port or by some dedicated
> periodic script. It seems safer to me.
In theory it may be safer. In practice, it tends to not happen in a timely
manner, leading to outages. Automated RFC 5011 key rollover is a necessity.
The package needs to support it by default.
--
Viktor.
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic