HSM outage causes root CA key loss
Weger, B.M.M. de
b.m.m.d.weger at TUE.nl
Wed Jul 15 14:04:27 EDT 2009
Hi,
>>Our current Server CA certificate will expire in 2026 (when hopefully it
>>won't be my problem!).
>
>Thus the universal CA root cert lifetime policy, "the lifetime of a CA root
>certificate is the time till retirement of the person in charge at its
>creation, plus five years" :-).
This neglects the not entirely unlikely possibility that long before your retirement
some clever person will have broken your cryptographic hash function or
signature scheme.
I once saw a document referring to a PKI with a proposed certificate lifetime
of 100 years. Those people really care about their grandchildren.
Grtz,
Benne
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com