* Pierre Habouzit: > Proposal 1: > Proposal 2: > Proposal ...:
Sure, it is possible to devise arbitrarily complex schemes. For a key that is basically used to create a digital signature that protects against tampering along the mirror network, even yearly key rotation is way over the top. > IMHO, changing the key every year at any date is not problematic at all, > because there is plenty of solution to do smooth replacement of the > key. Our past experience totally and completely contradicts your claim. So far, each key transition has posed difficulties to significant numbers of users, even though no stable release had been affected. This is not a Debian-specific problem. Symantec and Microsoft customers exprienced significant trouble related to key rollover issues. The web browser vendors and the browser PKI auditors view key rollover as a significant risk, and demand that CA root certificates do not expire at all. The DNSSEC folks haven't found a solution to this problem, either. Based on these observations, I conclude that periodic key rollover for keys that are used in behind-the-scenes cryptographic operations simply does not work, and it's not terribly likely that it ever will. Forcing it on Debian users would be madness. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
