On 01/09/2009 01:12 AM, Ben Bucksch:
It's not an *endorsement*, but making it possible to use them without
fat warning
Which is exactly the same thing...
No. "Make it possible" and "endorse" are two entirely different things.
the longer a key is used the better the chances of getting
compromised, isn't it?
It doesn't make a difference whether you have one key for two years on a
system or two keys for one year each, one after the other.
If you want to change keys nevertheless, you can still do that. Just
make sure you authorize the new one, by signing the new key with the old
one.
It feel rather annoyed if I'd have to confirm every new cert
encountered.
Please read the bug before commenting, thanks.
I did, I know this bug from long time ago. Perhaps help me understand
what I'm apparently missing here.
As I already explicitly said in the bug, there would be no warning. The
private key does not change, or the new key is signed with the old one.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
