I’ve been thinking about key lifetime recently, after experimenting with the Certificate Patrol Add-On for Firefox. That Add-On isn’t useful to run daily, because there is a lot of churn in certificates out there, and that’s sort of the trick: you need to be able to generate new keys, but I want to know I’m still talking to the same person on the other side of the connection. If the issues Certificate Patrol flags are any indication, we’re not handling that at all right now.
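One way to make "new key, same party" checkable is a trust-on-first-use pin store in which a key change is accepted only when the previously pinned key has signed a handover statement for the new one; an unendorsed key change is the case worth flagging, while certificate churn that keeps the same key is silent. The program below is an added illustration, not code from the post or from Certificate Patrol; it works on raw Ed25519 keys instead of X.509 certificates, and the rotation-statement format (`rotationMessage`), the host name `example.test` and the in-memory `PinStore` are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verdict is the result of comparing a presented key with the pinned one.
type Verdict int

const (
	FirstSeen   Verdict = iota // nothing pinned yet: trust on first use
	SameKey                    // the certificate may have churned, but the key is the pinned one
	Rotated                    // a new key, endorsed by the key we had pinned
	KeyMismatch                // a new key with no valid endorsement: the case to investigate
)

func (v Verdict) String() string {
	switch v {
	case FirstSeen:
		return "first seen (pinned)"
	case SameKey:
		return "same key"
	case Rotated:
		return "rotated with endorsement (pin updated)"
	default:
		return "KEY MISMATCH without endorsement"
	}
}

// PinStore keeps one pinned public key per host (in-memory for this example).
type PinStore struct {
	pins map[string]ed25519.PublicKey
}

func NewPinStore() *PinStore {
	return &PinStore{pins: map[string]ed25519.PublicKey{}}
}

// rotationMessage is the statement an outgoing key signs to hand over to a new one.
// The layout (context label, host, new key) is an assumption of this example.
func rotationMessage(host string, newKey ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write([]byte("example-key-rotation-v1\x00"))
	h.Write([]byte(host))
	h.Write([]byte{0})
	h.Write(newKey)
	return h.Sum(nil)
}

// Endorse signs the handover statement for newPub with the outgoing private key.
func Endorse(host string, oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey) []byte {
	return ed25519.Sign(oldPriv, rotationMessage(host, newPub))
}

// Check classifies the presented key and moves the pin only on a first
// sighting or on an endorsed rotation. endorsement may be nil.
func (s *PinStore) Check(host string, presented ed25519.PublicKey, endorsement []byte) Verdict {
	pinned, ok := s.pins[host]
	if !ok {
		s.pins[host] = presented
		return FirstSeen
	}
	if pinned.Equal(presented) {
		return SameKey
	}
	if endorsement != nil && ed25519.Verify(pinned, rotationMessage(host, presented), endorsement) {
		s.pins[host] = presented
		return Rotated
	}
	return KeyMismatch
}

// Fingerprint renders a key the way a user would compare it by eye.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// NewIdentity generates a fresh key pair standing in for a server's key.
func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	const host = "example.test" // constructed host name
	store := NewPinStore()

	pubA, privA := NewIdentity()
	fmt.Println(host, Fingerprint(pubA), store.Check(host, pubA, nil)) // first seen
	fmt.Println(host, Fingerprint(pubA), store.Check(host, pubA, nil)) // renewed cert, same key

	pubB, _ := NewIdentity()
	fmt.Println(host, Fingerprint(pubB), store.Check(host, pubB, nil))                         // mismatch
	fmt.Println(host, Fingerprint(pubB), store.Check(host, pubB, Endorse(host, privA, pubB))) // rotated

	pubC, privC := NewIdentity()
	// A statement signed by a key that was never pinned proves nothing.
	fmt.Println(host, Fingerprint(pubC), store.Check(host, pubC, Endorse(host, privC, pubC)))
}
```

Pins are per host, and once the pin has moved to a new key the old key can no longer endorse anything, so a compromised old key gets exactly one handover before it is out of the chain; whether that window is acceptable is a policy question the store itself does not answer.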