Hi,

>   Would all this extra signing lead to unnecessary leakage of the CA
> private
> key?  Do private keys become "stale" after too many uses and/or time?

no, private keys to not become stale if used properly (this includes
a number of security precautions, such as correct padding and using the
correct block size). These precautions are usually met by the software
that makes immediate use of the key, such as OpenSSL.

But there are good reasons to limit key usage of critical keys
to the necessary minimum.

Consider an environment where CA operations are subject to tight
inspection by auditing staff. The auditors would want to have the
security relevant events limited to the necessary minimum.

cheers

Martin



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to