[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)

[dan at geer.org]

> Say you have thousands of such systems or even millions of them out in
> the field, all happily dialing home and getting new instructions, all
> that protected by an RSA key or an elliptic curve signature key. How
> do you keep that safe for a stupid amount of time?
> 
> The sad truth is, you probably can't...

Your design must accept that as a constraint.

See point #5 in http://geer.tinho.net/geer.blackhat.6viii14.txt

--dan