On 02/08/2012 08:22 PM, Phillip Hallam-Baker wrote:
> Worse, Alice has to repeat the process once a year.

Why would Alice have to repeat the process once a year? Are you
suggesting she has to replace her decryption key every year? Does this
have to do with the "repeat customer" lock-in model operated by modern
CAs where certificates are given artificially-short lifespans? Even in
the face of that kind of tactic, why wouldn't Alice just get an updated
certificate from the same key and avoid having to re-key all her devices?
The only thing Alice needs for decryption is the secret key material;
she doesn't have to synchronize certificates at all for this use case.

--dkg
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey