[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WG Last Call for SKIP I-D
At 05:41 PM 11/27/95 -0800, Ashar Aziz wrote:
>The solution is to let the certified DH public key be instead
>a set of certified DH public keys, each of which have shorter
>validity than a typical certificate, say one or two weeks. The set
>of intervals over which each public key is valid would be contiguous
>and non-overlapping, and the sum of these intervals would equal
>the validity period of a typical certificate, say six
>months or a year.
Ashar,
While key lifetimes of a week or two may technically qualify as
"perfect forward secrecy", I for one want *much* shorter lifetimes,
more on the order of minutes to perhaps an hour, max.
Phil
Follow-Ups: