Re: APT public key updates?
Thomas Bushnell BSG <firstname.lastname@example.org> wrote:
> It seems to me that this kind of computation depends intrinsically on
> how long it takes to compromise. If it takes eleven months, then
> we're currently screwed. It seems unlikely to me that this kind of
> analysis has taken place, which makes it unlikely that this is
> actually the explanation for our current practice.
The main reasons, imho, for expiring organisational keys are these:
a) limit the revocation lists (n/a in this case, I guess)
b) limit the lifetime of an exposed key (i.e. if ftpmaster leaves team)
c) limit the lifetime in case of expected compromise of algorithms (the latter
is important in the long run, not on the year timescale we do it at right now)
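As an added example, not from this thread and not Debian's own tooling: reason (b) above is only enforceable if someone actually checks how long the archive keys are valid for. The script below parses the machine-readable `gpg --with-colons` key listing (field 6 is the creation time and field 7 the expiry, both as Unix timestamps; an empty field 7 means no expiry) and reports, per key, the remaining days and whether the total validity window exceeds a chosen policy. The key IDs, fingerprints, user IDs and timestamps in the sample are constructed for the example; the policy length (`max_lifetime_days`) is an assumption, not a Debian rule.

```python
"""Audit key lifetimes from `gpg --with-colons` output (added example)."""
from datetime import datetime, timezone

# Constructed sample of `gpg --with-colons --list-keys` output.
# Key 1: created 2023-01-01, expires 2025-01-01 (731 days).
# Key 2: created 2020-01-01, no expiry set.
# None of these identifiers belong to a real key.
SAMPLE_COLONS = """\
tru::1:1700000000:0:3:1:5
pub:-:4096:1:0123456789ABCDEF:1672531200:1735689600::-:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:-::::1672531200::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Example Archive Signing Key (2023) <ftpmaster@example.org>::::::::::0:
sub:-:4096:1:FEDCBA9876543210:1672531200:1735689600:::::s::::::23:
pub:-:4096:1:89ABCDEF01234567:1577836800:::-:::scESC::::::23::0:
uid:-::::1577836800::0123456789ABCDEF0123456789ABCDEF01234567::Example Archive Key, no expiry <ftpmaster@example.org>::::::::::0:
"""


def _ts(field):
    """Convert a colon-format timestamp field to an aware datetime, or None if empty."""
    return datetime.fromtimestamp(int(field), tz=timezone.utc) if field else None


def parse_colons(text):
    """Return one dict per primary key: keyid, created, expires, uid.

    Only 'pub' records are collected; the first 'uid' record after a 'pub'
    supplies the user ID. Subkeys ('sub') are ignored because the primary
    key's expiry is what bounds trust in the whole certificate.
    """
    keys = []
    for line in text.splitlines():
        rec = line.split(":")
        if rec[0] == "pub":
            keys.append({
                "keyid": rec[4],
                "created": _ts(rec[5]),
                "expires": _ts(rec[6]),
                "uid": None,
            })
        elif rec[0] == "uid" and keys and keys[-1]["uid"] is None:
            keys[-1]["uid"] = rec[9]
    return keys


def audit_keys(keys, now, max_lifetime_days):
    """Classify each key as ok / expired / lifetime-exceeds-policy / no-expiry."""
    report = []
    for k in keys:
        entry = {"keyid": k["keyid"], "uid": k["uid"]}
        if k["expires"] is None:
            # No expiry at all: a leaked or stale key stays valid forever.
            entry.update(status="no-expiry", validity_days=None, days_remaining=None)
        else:
            validity = (k["expires"] - k["created"]).days
            remaining = (k["expires"] - now).days
            if remaining < 0:
                status = "expired"
            elif validity > max_lifetime_days:
                status = "lifetime-exceeds-policy"
            else:
                status = "ok"
            entry.update(status=status, validity_days=validity, days_remaining=remaining)
        report.append(entry)
    return report


if __name__ == "__main__":
    # Policy value is an assumption for the example, not a Debian rule.
    for e in audit_keys(parse_colons(SAMPLE_COLONS),
                        datetime.now(tz=timezone.utc), max_lifetime_days=365):
        print(f"{e['keyid']}  {e['status']:24s}  remaining={e['days_remaining']}  "
              f"validity={e['validity_days']}  {e['uid']}")
```

To run it against a real keyring, feed the script the output of `gpg --with-colons --show-keys /etc/apt/trusted.gpg.d/*.gpg` (gpg 2.2 or later; older releases need `gpg --no-default-keyring --keyring FILE --with-colons --list-keys`) instead of the constructed sample.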