The basic fallacy here is the assumption that some magical 'identity' exists
and all we have to do is be brilliant enough to figure it out.
It doesn't.
It's just a collection of beneficial behaviors, a Nash equilibrium that changes
as the rules of the Game change (which, by definition, exists

Hey all,
Wondering if anyone has good links for key management documents.
I'm betting that NIST has a SP 800 on it; any others?
I'm curious what best practices are, esp. with details on specific
systems like GPG and OpenSSL.
For example, key length and revocation practices are obvious, but how

On gpg, signatures expire if the signing key expires. So I create a
large (e.g. 4096-bit) RSA signing-only key, and then create a large
(4096-bit RSA) subkey for encryption with an expiration time of 1
year. That way, my communication is limited to a year under a key,
but my signatures