> Symmetric keys and fingerprints have to be exchanged through a secure > channel only once.
Whoa, let's back that up a moment. Fingerprints and symmetric keys need to be exchanged *as often as they change*. Which, in the case of symmetric keys, is quite frequently. If/when a key is compromised, all traffic that has been generated or will be generated with that key gets compromised, and there's no guarantee about whether you'll know the key is compromised -- so it's only sane to have an agreed-upon rekeying policy. "Keys will be used for three days tops", for instance, limits your exposure to a three-day window, but it requires you to rekey every few days. Key management is a killer problem. If you don't take it dead seriously it'll hug you and love you and name you George[*]. [*] http://www.youtube.com/watch?v=ArNz8U7tgU4 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users