[ again, thanks for an answer to the question asked ] >> anyone using the timed key-chain stuff? > > I’ve looked at it, hear it works, but not been willing to take the hit > for any transition.
and i am not sure it meets my needs. i am not seeking privacy or pfs. i want roll-if-compromise. (and no, i do not want automated compromise heuristics, a recipe for death). > > we need something that’s stable enough to last 5-7 years, which is > very different from a HTTP transaction that may live only a few > seconds. something such as, or close to, rfc 4808? randy