Refreshing of asymmetric key pairs

Key pairs should have a limited lifetime.

• Because private keys can be lost or discovered.

• To implement a regular update policy.

Problem

• Certificates can be freely copied and distributed.

• The universe of certificate holders is unknown!

  • Thus, cannot be told to eliminate specific certificates.

Solutions

• Certificates with a validity period.

• Certificate revocation lists.

  • To revoke certificates before expiring their validity.