Re: APT public key updates?
Nick Phillips <firstname.lastname@example.org> writes:
> On Thu, Jan 05, 2006 at 04:43:13PM -0800, Thomas Bushnell BSG wrote:
>> If the key is compromised, which is the only way the non-expiring key
>> method can be broken, then the expiring key doesn't seem to be
>> offering all that much additional security.
> If the 2006 key takes (say) 15 months to compromise, then it is fine
> to use it to sign and verify the new key on 1/1/2007, so long as you
> perform that verification before March...
So we are worried about compromise by direct attack, rather than
compromise by misplaced or stolen equipment/etc?
It seems to me that this kind of computation depends intrinsically on
how long it takes to compromise. If it takes eleven months, then
we're currently screwed. It seems unlikely to me that this kind of
analysis has taken place, which makes it unlikely that this is
actually the explanation for our current practice.