On Tue, Aug 25, 2009 at 01:37:32PM -0400, Joe Abley wrote:
>
> On 25-Aug-2009, at 13:13, [email protected] wrote:
>
> >>If there's no practical motivation to roll keys, then let's not do
> >>it.
> >>Rolling keys is a pain.
> >>
> >>If there *is* a practical motivation to roll keys, then let's not
> >>infer any trust at all from old keys.
> >
> > please help me understand "practical motivation"?
>
> Which word is causing you trouble? :-)
no... but that is not germane to this thread.
the phrase, "practical motivation" is highly subjective.
one might claim there is no practical motivation, since
key roll is so much of a "pain". This is the type of
argument that claims we should plan for key "expiration"
sometime after 2039. make this a problem for our children.
another claim for practical motivation is the knowledge that
crypto is not static and whatever we use today will be breakable/broken
in our lifetimes - so not having a proven/usable key roll process
is worse than no crypto at all. (the analogy of a datacenter w/
a backup power system that is never checked/tested is too easy)
i could argue that the motivation for either choice is clear but
neither is practical ...
hence the highly subjective nature of practical motivation.
who decides? that mouse in your pocket?
>
>
> Joe
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop