> The key rotation as described in RiseUp best practices should be a very
> rare occurrence. Each dev is going to run it at most once.
>
Some material I read recommended doing a key rotation every 6 months, which I did for a while until it got tiresome to perform the rotation.

I believe the rationale behind it was basically, the longer you use a key, and the more data you produce signed by a key, the more leverage an attacker has against you to compromise the key.

But I have no idea if that is really relevant or not.

--
Kent

perl -e "print substr( \"edrgmaM SPA NOcomil.ic\\@tfrken\", \$_ * 3, 3 ) for ( 9,8,0,7,1,6,5,4,3,2 );"

http://kent-fredric.fox.geek.nz