On Thu, 25 Oct 2012, Martin Rex wrote:
> Due to an uncounted number of bugs in software, some of which get published on a monthly schedule, TLS-enabled Servers may experience break-ins, and there is absolutely no indication that this is going to ever change.
So replace your TLSA record in DNS to point to the new certificate. The DNS is your OCSP/CRL/Revoke/Publish mechanism, but without the middle man delay and payments.
> So rather than making the keys last forever
Keys, using the SPKI certificate format, have no expiry date. They don't last forever, they last as long as the DNS backs them up.

Paul
_______________________________________________
therightkey mailing list
https://www.ietf.org/mailman/listinfo/therightkey
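The key-withdrawal mechanism discussed in this message, as an added example that is not part of the original e-mail: a client-side check of a server's SubjectPublicKeyInfo against the TLSA RRset currently published, using the RFC 6698 fields for usage 3 (DANE-EE) and selector 1 (SPKI). The function names and the SPKI byte strings are constructed for illustration; real input would be the DER-encoded SPKI from the TLS handshake and a DNSSEC-validated RRset.

```python
import hashlib

# RFC 6698 matching types: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
_MATCH = {
    0: lambda data: data,
    1: lambda data: hashlib.sha256(data).digest(),
    2: lambda data: hashlib.sha512(data).digest(),
}

def parse_tlsa(rdata):
    """Parse TLSA presentation format: 'usage selector mtype hex...'."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("malformed TLSA rdata: %r" % rdata)
    usage, selector, mtype = (int(f) for f in fields[:3])
    # The hex association data may be split into whitespace-separated chunks.
    return usage, selector, mtype, bytes.fromhex("".join(fields[3:]))

def make_tlsa(spki_der, mtype=1):
    """Build a '3 1 <mtype>' (DANE-EE, SPKI) record for a key."""
    return "3 1 %d %s" % (mtype, _MATCH[mtype](spki_der).hex())

def spki_accepted(spki_der, rrset):
    """True if any usage-3/selector-1 record in the RRset matches the key."""
    for rdata in rrset:
        usage, selector, mtype, assoc = parse_tlsa(rdata)
        if usage != 3 or selector != 1 or mtype not in _MATCH:
            continue  # other usages/selectors need the certificate chain
        if _MATCH[mtype](spki_der) == assoc:
            return True
    return False

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs.
OLD_SPKI = b"constructed-spki-der-old-key"
NEW_SPKI = b"constructed-spki-der-new-key"

before = [make_tlsa(OLD_SPKI)]                             # before the break-in
rollover = [make_tlsa(OLD_SPKI), make_tlsa(NEW_SPKI, 2)]   # optional overlap
after = [make_tlsa(NEW_SPKI, 2)]                           # old record withdrawn

if __name__ == "__main__":
    for name, rrset in (("before", before), ("rollover", rollover),
                        ("after", after)):
        print(name, spki_accepted(OLD_SPKI, rrset),
              spki_accepted(NEW_SPKI, rrset))
```

Cached copies of the old RRset stay usable until their TTL expires, so the TTL on the TLSA record bounds how quickly the withdrawal takes effect.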
