On Wed, Mar 20, 2024 at 09:23:58AM -0400, Jeffrey Walton wrote: [...] > > Also, are you saying that you do not let users rotate their keys > > themselves; and if so, why on Earth not? > > Key continuity has turned out to be a better security property than > key rotation. It is wise to avoid gratuitous rotation schemes. I will be the last ne to advocate any gratuitous rotation scheme (key or password or anything). My point is giving users enough wits and power (and competent help) to make good decisions and to implement them. If my laptop gets stolen, I'll definitely generate new keys. Cheers -- t
Attachment:
signature.asc
Description: PGP signature