#43: key rollover

Changes (by [email protected]):

 * status:  new => closed
 * resolution:  => wontfix

Comment:

 Will not fix because the feasible way to change a log's key is to freeze it and start a new one. The alternative is to build into all data structures an indication of which key was used to sign the SCTs, coordination with TLS clients on when to switch to the new key, etc. I think it's a significant complexity to add for no real benefit - freezing a log and starting a new one is much simpler conceptually (and is operationally as complex as key rollover, if not less).

 Note that policies of TLS clients for recognizing a log, although out of scope for the trans wg, could have different requirements for logs from new operators vs logs from recognized operators that would like to use a different key for their log.

--
---------------------------+-------------------------------------------------
 Reporter:  [email protected] |       Owner:  draft-ietf-trans-[email protected]
     Type:  defect         |      Status:  closed
 Priority:  major          |   Milestone:
Component:  rfc6962-bis    |     Version:
 Severity:  -              |  Resolution:  wontfix
 Keywords:                 |
---------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/43#comment:1>
trans <http://tools.ietf.org/trans/>

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
