Re: Bind 9.5.0-P2, DNSSEC and /dev/random
> > And based on my reading of the intro these keys need to be updated at[color=blue][color=green]
> > least monthly?
> > Michael[/color]
> The frequency keys need to be changed is based on their
> strength (size). The current recommendations are very
> conservitive and also factor in that humans need to repeat
> operations regularly to get them correct and not forget how
> to do the rollover. From a crypto standpoint alone you,
> generally, don't need to roll keys monthly.
> As more and more automation takes place the frequency of
> rolling keys will fall more and more into line with their
> crypto strength rather than be driven by human requirements.
> SSL certificates are valid for multiple years and they use
> the same crypto. They are also simpler to use at this point
> in time. Buy and copy into place.[/color]
So for the domain name "networkstuff.co.nz", I would need to buy a certificate
for "networkstuff.co.nz" or would it need to be a wildcard certificate?
ie: "*.networkstuff.co.nz" as these are expensive...