search

cryptostorm / cstorm_deepDNS

cryptostorm's DeepDNS, a decentralized, crypto-hardened, DNS framework
94 stars 18 forks source link

[FIXED] Hardening DNSCrypt #5

Closed sergeevabc closed 6 years ago

sergeevabc commented 6 years ago 
dnscrypt-proxy: Generating a new session key pair
dnscrypt-proxy: Done
dnscrypt-proxy: Server certificate with serial '0001' received
dnscrypt-proxy: This certificate is valid
dnscrypt-proxy: Chosen certificate #808****** is valid from [2016-11-03] to [2026-11-01]
dnscrypt-proxy: The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.

Could you make keys rotation happen every 24 hours at least, not every 10 years like it is now? It seems quite simple to implement according to this and that posts.

df-cryptostorm commented 6 years ago

Added cronjobs to all the servers that'll rotate the keys every 24 hours.