March 16, 2019
7:53 p.m.
S Moonesamy writes:
The first "trust anchor" was in use for around 10 years. Although it has not caused any security issue, it is better to have "key rotation".
Right, I completely agree that we should have regular key rotation and have previously offered my opinion that I'd like to see it once per year. I think that achieving it by rolling to a published list of pre-generated keys is a poor way of doing it.