Nick Phillips <[EMAIL PROTECTED]> writes: > On Thu, Jan 05, 2006 at 04:43:13PM -0800, Thomas Bushnell BSG wrote: > >> If the key is compromised, which is the only way the non-expiring key >> method can be broken, then the expiring key doesn't seem to be >> offering all that much additional security. > > If the 2006 key takes (say) 15 months to compromise, then it is fine > to use it to sign and verify the new key on 1/1/2007, so long as you > perform that verification before March...
So we are worried about compromise by direct attack, rather than compromise by misplaced or stolen equipment/etc? It seems to me that this kind of computation depends intrinsically on how long it takes to compromise. If it takes eleven months, then we're currently screwed. It seems unlikely to me that this kind of analysis has taken place, which makes it unlikely that this is actually the explanation for our current practice. Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]