> (10) 3.1, identifying a log solely on the basis of its key_id
> without any roll-over seems dumb. What if the log wants to
> roll its signature key? This would have to be fixed in a
> standards-track RFC but really could be done now and would be
> better for having been done.
Our view was that a new key is effectively a new log and so roll-over is achieved by ... starting a new log. If it is done because of key compromise, then the old log can no longer be trusted.

_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
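As an added illustration of the position taken in the reply above (not code from this thread or from any CT implementation): RFC 6962 defines a log's identifier as the SHA-256 of its DER-encoded public key, so a rotated key necessarily produces a different log ID and clients see it as a distinct log. The key blobs, the `fake_spki` helper and the `LogList` client model are constructed for this example.

```python
import hashlib

# Constructed sample keys: the fixed 26-byte DER SubjectPublicKeyInfo header for an
# EC P-256 key, followed by 0x04 || X || Y. X and Y are filler bytes, not a real
# curve point; only the framing and the hash over it matter for this illustration.
_P256_SPKI_HEADER = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200"
)


def fake_spki(seed: bytes) -> bytes:
    """Build a constructed (non-functional) SPKI blob from a seed."""
    x = hashlib.sha256(seed + b"x").digest()
    y = hashlib.sha256(seed + b"y").digest()
    return _P256_SPKI_HEADER + b"\x04" + x + y


def log_id(spki_der: bytes) -> bytes:
    """RFC 6962: log ID = SHA-256 over the log's DER-encoded SubjectPublicKeyInfo."""
    return hashlib.sha256(spki_der).digest()


class LogList:
    """A client's view of known logs, keyed by log ID, with a trust flag per log."""

    def __init__(self) -> None:
        self.logs: dict = {}

    def add(self, spki_der: bytes) -> bytes:
        lid = log_id(spki_der)
        self.logs[lid] = {"key": spki_der, "trusted": True}
        return lid

    def distrust(self, lid: bytes) -> None:
        self.logs[lid]["trusted"] = False

    def sct_acceptable(self, sct_log_id: bytes) -> str:
        entry = self.logs.get(sct_log_id)
        if entry is None:
            return "unknown-log"       # rotated key == a log the client has never heard of
        if not entry["trusted"]:
            return "distrusted-log"    # e.g. old key compromised, old log no longer trusted
        return "ok"


def rollover_demo() -> dict:
    clients = LogList()
    old_id = clients.add(fake_spki(b"log-key-v1"))
    new_key = fake_spki(b"log-key-v2")          # operator rotates the signing key
    new_id = log_id(new_key)
    before = clients.sct_acceptable(new_id)     # before the "new log" is published
    clients.add(new_key)                        # new key distributed as a new log
    clients.distrust(old_id)                    # old log retired after compromise
    return {"ids_differ": old_id != new_id, "before": before,
            "after_new": clients.sct_acceptable(new_id),
            "after_old": clients.sct_acceptable(old_id)}
```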