7.4 Key Lifetimes
Connected: An Internet Encyclopedia
Requests For Comments: RFC 2065, 7. Operational Considerations
No key should be used forever. The longer a key is in use, the
greater the probability that it will have been compromised through
carelessness, accident, espionage, or cryptanalysis. Furthermore, if
key rollover is a rare event, there is an increased risk that, when
the time does come to change the key, no one at the site will
remember how to do it or other problems will have developed in the
procedures.

While key lifetime is a matter of local policy, these considerations
suggest that no zone key should have a lifetime significantly over
four years. A reasonable maximum lifetime for zone keys that are
kept off-line and carefully guarded is 13 months with the intent that
they be replaced every year. A reasonable maximum lifetime for end
entity and user keys that are used for IP-security or the like and
are kept on line is 36 days with the intent that they be replaced
monthly or more often. In some cases, an entity key lifetime of
somewhat over a day may be reasonable.
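
The following key-age audit is an added example, not part of the RFC text. It applies the figures above (replace yearly with a 13-month maximum for off-line zone keys; replace monthly with a 36-day maximum for on-line entity and user keys). The class labels, function names and inventory are hypothetical, and it assumes "monthly" means one calendar month and that a key counts as expired from the day its maximum lifetime is reached.

```python
import calendar
from datetime import date, timedelta

def add_months(d, months):
    """Add calendar months, clamping the day (Jan 31 + 1 month -> Feb 28/29)."""
    y, m = divmod(d.year * 12 + d.month - 1 + months, 12)
    return d.replace(year=y, month=m + 1,
                     day=min(d.day, calendar.monthrange(y, m + 1)[1]))

# Section 7.4 figures: (intended replacement date, maximum-lifetime date).
# The class labels are hypothetical names chosen for this example.
POLICY = {
    "zone-offline":  lambda c: (add_months(c, 12), add_months(c, 13)),
    "entity-online": lambda c: (add_months(c, 1), c + timedelta(days=36)),
}

def key_status(key_class, created, today):
    """Return (state, replace_by, expires) for one key."""
    replace_by, expires = POLICY[key_class](created)
    if today >= expires:          # maximum lifetime reached: stop using the key
        state = "expired"
    elif today >= replace_by:     # inside the grace window between the two dates
        state = "rollover-due"
    else:
        state = "ok"
    return state, replace_by, expires

def audit(inventory, today):
    """Return (name, state, expires) for every key needing action, worst first."""
    findings = []
    for name, key_class, created in inventory:
        state, _, expires = key_status(key_class, created, today)
        if state != "ok":
            findings.append((name, state, expires))
    return sorted(findings, key=lambda f: (f[1] != "expired", f[2]))

# Constructed inventory: (name, class, creation date). Not real keys.
INVENTORY = [
    ("example.com zone key", "zone-offline", date(2023, 1, 31)),
    ("host-a ipsec key", "entity-online", date(2024, 1, 31)),
    ("host-b ipsec key", "entity-online", date(2024, 1, 2)),
]

if __name__ == "__main__":
    for name, state, expires in audit(INVENTORY, date(2024, 2, 10)):
        print(f"{state:13} {name} (maximum lifetime ends {expires})")
```

The gap between the two dates is the window in which a rollover can still be carried out before the old key must be retired: about a month for zone keys and roughly a week for on-line keys.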