David Schwartz wrote:
Arguably, you shouldn't do it even once, because it's extremely easy
to fall into the pattern of "one key and one key only" in the systems
design or implementation. I can't remember who coined the phrase, but
it's not "good crypto hygiene".
I have argued many times that not including the creation date in every private
key data format was a *huge* mistake.
And you have argued wrongly.
Such matters of key usage policy are in the domain of the CA and/or RA --
They have nothing to do with cryptography per se.
- Michael
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]