Re: bits from the release team
* Goswin von Brederlow:
> Florian Weimer <email@example.com> writes:
>> * Goswin von Brederlow:
>>> Doesn't work if the key is ever compromised and a new one has to be
>>> created out of schedule. Or when you spend your x-mas holidays away
>>> from your system and couldn't upgrade before new years eve.
>> Exactly, and this begs the question why we rotate keys at all.
> A key might be compromised without our knowledge.
Wouldn't it make more sense to rotate it monthly, then? Why only
replace it once a year? Why not once every three years? Or once per
> But that is not relevant to the problem. Experience shows that keys do
> get compromised and need changing. So rotation or no rotation the key
> change has to be handled anyway. Rotation just adds it at specific
> intervals on top of random events.
Could you point me to a deployment which relies on key rotation to
deal with key compromises? 8-)
Our users would surely thank us if we just put that damn key onto an
HSM (so that a host compromise would allow an attacker to generate
a limited signatures only, while he or she has got access to the host).
 Even one of those OpenPGP smartcard would be good enough because
we only need to make a few signatures once or twice a day.