On Wed, Apr 16, 2014 at 12:35:23PM CEST, Joel Rees <joel.r...@gmail.com> said: > > For those who are getting excited, don't. Take the time to understand the > whole process, and the reason certificates and cryptographic tokens should > be rotated, and how you go about doing it. (They should be rotated anyway, > and if you don't, well, it's time to start leaning how, and this is as good > a reason as any.) > > Incidentally, nobody does it right yet, not even the banks. In my way of > thinking, that's a bigger problem than being able to reach blindly into a > server's memory.
Some do, however only ther certificate expires, not the keys... Thus many of those who rotate the certificate just issue a new one with existing key, just changing the dates and signing. And that's bad. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140416110455.gb15...@rail.eu.org
