On Sat, 27 Jul 2013, Paul E Condon wrote:
> I intended the question to be answered in the context of the post by
> Henrique de Moraes Holschuh, where 'across security domains' is
> considered less desirable than 'across hosts'. I know what hosts are
> when writing computer stuff, but, come to think about it what does it
> mean to rotate keys? Is the idea that a particular key string is to be

Switching to a new one and disposing of the older one is, for whatever
reason, usually called "rotating the keys".

> reused on some host after it has been removed from service on some
> other host? I had thought that it was best to never use a retired key
> string again - but security is tricky - maybe there might be some

You're correct. It is best to dispose of old keys, and never reuse them.

> point in using old strings as the keys on some (unmentioned) honey pot
> servers.

You could do that, but there might be risks associated with that (or not).