
Church Of The
Swimming Elephant

7.4 Key Lifetimes

Up: RFC 2065
Up: 7. Operational Considerations

No key should be used forever. The longer a key is in use, the greater the probability that it will have been compromised through carelessness, accident, espionage, or cryptanalysis. Furthermore, if key rollover is a rare event, there is an increased risk that, when the time does come to change the key, no one at the site will remember how to do it or other problems will have developed in the procedures.

While key lifetime is a matter of local policy, these considerations suggest that no zone key should have a lifetime significantly over four years. A reasonable maximum lifetime for zone keys that are kept off-line and carefully guarded is 13 months with the intent that they be replaced every year. A reasonable maximum lifetime for end entity and user keys that are used for IP-security or the like and are kept on-line is 36 days with the intent that they be replaced monthly or more often. In some cases, an entity key lifetime of somewhat over a day may be reasonable.
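The following key-age audit is an added example, not part of the RFC text. It applies the two recommended limits above (yearly replacement with a 13-month maximum, monthly replacement with a 36-day maximum) to a key inventory. The class names, the inventory entries, and the reading of "every year" and "monthly" as calendar months are assumptions made here.

```python
import calendar
from datetime import date, timedelta

def add_months(d: date, months: int) -> date:
    """Calendar-month addition, clamping the day (Jan 31 + 1 month -> Feb 28/29)."""
    y, m = divmod(d.year * 12 + (d.month - 1) + months, 12)
    last_day = calendar.monthrange(y, m + 1)[1]
    return date(y, m + 1, min(d.day, last_day))

# Limits from the section text; the class names are labels chosen for this example.
# Each entry maps a creation date to (intended replacement date, end of maximum lifetime).
POLICY = {
    "zone-offline": (lambda c: add_months(c, 12), lambda c: add_months(c, 13)),
    "entity-online": (lambda c: add_months(c, 1), lambda c: c + timedelta(days=36)),
}

def audit_key(kind: str, created: date, today: date) -> str:
    """Return 'ok', 'rollover-due' or 'over-lifetime' for one key."""
    if kind not in POLICY:
        raise ValueError(f"unknown key class: {kind}")
    if created > today:
        raise ValueError("creation date is in the future")
    replace_by, max_life_end = (f(created) for f in POLICY[kind])
    if today > max_life_end:
        return "over-lifetime"   # past the recommended maximum: rollover is overdue
    if today >= replace_by:
        return "rollover-due"    # inside the grace window before the maximum
    return "ok"

def audit(inventory, today: date) -> dict:
    """Audit (name, class, creation date) records; returns {name: status}."""
    return {name: audit_key(kind, created, today) for name, kind, created in inventory}

# Constructed sample inventory (names and dates are illustrative only).
INVENTORY = [
    ("zone-key-a", "zone-offline", date(2023, 1, 31)),
    ("zone-key-b", "zone-offline", date(2022, 12, 1)),
    ("host-key-a", "entity-online", date(2024, 1, 20)),
    ("host-key-b", "entity-online", date(2024, 1, 12)),
    ("host-key-c", "entity-online", date(2024, 1, 5)),
]

if __name__ == "__main__":
    for name, status in audit(INVENTORY, date(2024, 2, 15)).items():
        print(f"{name:12} {status}")
```

Running such a check on a schedule also exercises the rollover procedure regularly, which addresses the section's point that rare rollovers are the ones nobody remembers how to perform.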
