Starting with OpenDNSSEC 1.4, we have changed the default signature lifetime to
14 days (was 7 days). We have also changed the default ZSK lifetime to 90 days
(was 30 days). Both these changes are the result of a discussion among the
OpenDNSSE developers and we believe the new values makes more
> Reading RFC 4641bis version 11, section 4.4.2.3 mentions why it's a good
> idea to have different lifetimes, but it's not very strong about it. Is
> still a good idea to have a different policy? I understand that policy
> decisions are local and different lifetimes can be avoided by using the
> s
