Refreshing of asymmetric key pairs

Key pairs should have a limited lifetime.

  • Because private keys can be lost or discovered.

  • To implement a regular update policy.

Problem

  • Certificates can be freely copied and distributed.

  • The universe of certificate holders is unknown!

    • Thus, holders cannot be told to eliminate specific certificates.

Solutions

  • Certificates with a validity period.

  • Certificate revocation lists.

    • To revoke certificates before their validity period expires.
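
The two solutions combine into a single acceptance decision at the relying party. The sketch below is an added example, not part of the original slides: it uses a simplified in-memory model (no signature verification), and the names Cert, CRL, check_certificate and day, along with all sample values, are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:                      # hypothetical, simplified certificate
    serial: int
    issuer: str
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class CRL:                       # hypothetical, simplified revocation list
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: dict = field(default_factory=dict)  # serial -> revocation date

def check_certificate(cert, crl, now):
    """Return (accepted, reason); fail closed if revocation status is unknown."""
    # Validity period: bounds the lifetime of every copy, wherever it is held.
    if now < cert.not_before:
        return False, "not yet valid"
    if now > cert.not_after:
        return False, "expired"
    # CRL: the issuer cannot reach unknown holders, so the verifier asks the issuer.
    if crl is None or crl.issuer != cert.issuer:
        return False, "no CRL from issuer"
    if not (crl.this_update <= now <= crl.next_update):
        return False, "stale CRL"   # an old list may predate a revocation
    if cert.serial in crl.revoked:
        return False, "revoked"
    return True, "ok"

# Constructed sample data.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
CA = "CN=Example CA"

def day(n):
    return T0 + timedelta(days=n)

GOOD = Cert(1001, CA, day(0), day(365))
LEAKED = Cert(1002, CA, day(0), day(365))   # key compromised before expiry
CRL_SAMPLE = CRL(CA, day(150), day(157), {1002: day(140)})

if __name__ == "__main__":
    for cert in (GOOD, LEAKED):
        print(cert.serial, check_certificate(cert, CRL_SAMPLE, day(152)))
```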
