On Tue, 14 Sep 2010, Joe Abley wrote:
>
> Doesn't trust-history impose a requirement for high standards of operational
> security for key materials which have long since fallen out of
> production, and hence extend the possible window for a key compromise
> long after the key has stopped being used? From an operational
> perspective this worries me.

I haven't checked the draft, but it should be possible to throw away a
private key after it has signed its successor and been decommissioned.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.