Hi,

> Would all this extra signing lead to unnecessary leakage of the CA private
> key? Do private keys become "stale" after too many uses and/or time?

No, private keys do not become stale if used properly (this includes a number of security precautions, such as correct padding and using the correct block size). These precautions are usually met by the software that makes immediate use of the key, such as OpenSSL.

But there are good reasons to limit key usage of critical keys to the necessary minimum. Consider an environment where CA operations are subject to tight inspection by auditing staff. The auditors would want to have the security-relevant events limited to the necessary minimum.

cheers

Martin

_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel