Sept. 21, 2014
5:21 p.m.
Hello Joe,

On Sun, Sep 21, 2014 at 8:41 AM, Joe Abley <jabley@hopcount.ca> wrote:
> Having such a standby key available (e.g. as recommended in RFC 5011, and by Mike StJohns in the past) would help align the two procedures, although an approach for mitigating the compromise of both active and standby keys would still be required for the general case of emergency roll due to compromise.
Yes, I agree. I like the idea of having standby keys that will help a lot. Although, even with the standby keys, we still need to consider scenarios in which both keys need to be replaced, such as algorithm compromise (if it is the same) or physical compromise of the key (if both keys sit on the same HSM).

Thanks,
Tomofumi