Hi Geoff, Tony,

At 09:58 AM 20-02-2019, Geoff Huston wrote:
There is something in your note Tony that I feel I should comment on. It gets to the heart of why the key gets rolled at all, in my view.
I could offer the view that there is a prevalent feeling (perhaps irrationally - who knows) that a very long-held key will get compromised at some time. Either the tools to break the key will improve, or access to the key will no longer work, or some other mishap. It seems foolhardy not to have some exercised plan to roll the key to respond to such potential eventualities when or if the unplanned disaster happens and we need to roll the key.
Please see Section 4.5 of the DPS. A "roll-over often" approach may have to take that into consideration.

Regards,
S. Moonesamy