* Goswin von Brederlow:
> Florian Weimer <[EMAIL PROTECTED]> writes:
>
>> * Goswin von Brederlow:
>>
>>> Doesn't work if the key is ever compromised and a new one has to be
>>> created out of schedule. Or when you spend your x-mas holidays away
>>> from your system and couldn't upgrade before new years eve.
>>
>> Exactly, and this begs the question why we rotate keys at all.
>
> A key might be compromised without our knowledge.
Wouldn't it make more sense to rotate it monthly, then? Why only
replace it once a year? Why not once every three years? Or once per
release cycle?
> But that is not relevant to the problem. Experience shows that keys do
> get compromised and need changing. So rotation or no rotation the key
> change has to be handled anyway. Rotation just adds it at specific
> intervals on top of random events.
Could you point me to a deployment which relies on key rotation to
deal with key compromises? 8-)
Our users would surely thank us if we just put that damn key onto an
HSM[1] (so that a host compromise would allow an attacker to generate
a limited signatures only, while he or she has got access to the host).
[1] Even one of those OpenPGP smartcard would be good enough because
we only need to make a few signatures once or twice a day.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
