On Wed, Apr 16, 2014 at 12:35:23PM CEST, Joel Rees <[email protected]> said: > > For those who are getting excited, don't. Take the time to understand the > whole process, and the reason certificates and cryptographic tokens should > be rotated, and how you go about doing it. (They should be rotated anyway, > and if you don't, well, it's time to start leaning how, and this is as good > a reason as any.) > > Incidentally, nobody does it right yet, not even the banks. In my way of > thinking, that's a bigger problem than being able to reach blindly into a > server's memory.
Some do, however only ther certificate expires, not the keys... Thus many of those who rotate the certificate just issue a new one with existing key, just changing the dates and signing. And that's bad. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
