KASP
KASP: Key and Signature Policy
Policy:
Signatures
Resign |
|
Refresh |
|
Validity Default |
|
Validity NSEC/NSEC3 |
|
Jitter |
|
Inception Offset |
|
Denial of Existence
Method |
NSEC3 |
Opt-Out |
|
Resalt |
|
Hash Algorithm |
|
Hash Iterations |
|
Hash Salt Length |
|
Key Parameters
TTL |
|
Retire Safety |
|
Publish Safety |
|
Share Keys? |
|
Purge dead keys after |
|
KSK |
ZSK |
Use RFC5011? |
|
Zone Parameters
Propagation Delay |
|
SOA TTL |
|
SOA Minimum |
|
SOA Serial Format |
|
Parent Parameters
Propagation Delay |
|
DS TTL |
|
SOA TTL |
|
SOA Minimum |
|
Reserved (
)
RSA/MD5 (deprecated)
Diffie-Hellman
DSA/SHA-1
Reserved for ECC
RSA/SHA-1
DSA/SHA-1 for NSEC3
RSA/SHA-1 for NSEC3
RSA/SHA-256
RSA/SHA-512
Reserved for indirect keys
Private algorithms - domain name
Private algorithms - OID
Reserved (
)
Unassigned (
)
SHA-1
Counter
UNIX Timestamp (as 32-bit Unsigned Integer)
YYYYMMDDnn (Date + 2-Digit-Counter)
Keep Serial from the Unsigned Zone
Yes
No
Algorithm |
,
bits
|
Lifetime |
|
Repository |
|
Number of Standby Keys |
|
Manual Rollover? |
|
day
days
month
months
year
years
second
seconds
minute
minutes
hour
hours