Re: APT public key updates?

To: debian-devel@lists.debian.org
Subject: Re: APT public key updates?
From: be-news06@lina.inka.de (Bernd Eckenfels)
Date: Fri, 06 Jan 2006 08:26:52 +0100
Message-id: <[🔎] E1Eulzw-0000sH-00@calista.inka.de>
In-reply-to: <[🔎] 87d5j5et1b.fsf@becket.becket.net>

Thomas Bushnell BSG <tb@becket.net> wrote:
> It seems to me that this kind of computation depends intrinsically on
> how long it takes to compromise.  If it takes eleven months, then
> we're currently screwed.  It seems unlikely to me that this kind of
> analysis has taken place, which makes it unlikely that this is
> actually the explanation for our current practice.

The main reasons imho for expiring organisational keys are those:

a) limit the revocation lists (n/a in this case, I guess)
b) limit the lifetime of an exposed key (i.e. if ftpmaster leaves team)
c) limit the lifetime in case of expected compromise of algorithms (the later
is important in the long run, not in the year timescale we do it right now)

Greetings
Bernd

Reply to:

References:
- Re: APT public key updates?
  - From: Thomas Bushnell BSG <tb@becket.net>

Prev by Date: Work-needing packages report for Jan 6, 2006
Next by Date: Re: APT public key updates?
Previous by thread: Re: APT public key updates?
Next by thread: Re: APT public key updates?
Index(es):
- Date
- Thread