
Re: WG Last Call for SKIP I-D



At 05:41 PM 11/27/95 -0800, Ashar Aziz wrote:

>The solution is to let the certified DH public key be instead
>a set of certified DH public keys, each of which has shorter
>validity than a typical certificate, say one or two weeks. The set
>of intervals over which each public key is valid would be contiguous
>and non-overlapping, and the sum of these intervals would equal
>the validity period of a typical certificate, say six
>months or a year.

Ashar,

While key lifetimes of a week or two may technically qualify as
"perfect forward secrecy", I for one want *much* shorter lifetimes,
more on the order of minutes to perhaps an hour, max.

Phil
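
The key set described in the quoted text, sketched as an added example that is not part of this thread or of the SKIP draft: it builds a schedule of short-lived key intervals, checks that they are contiguous, non-overlapping and sum to the certificate validity, and selects the key valid at a given time. `KeySlot`, `build_schedule`, `check_schedule`, `key_for` and the `dh-key-N` labels are hypothetical names, and the dates are left to the caller.

```python
from bisect import bisect_right
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class KeySlot:
    key_id: str           # placeholder label for one certified DH public key
    not_before: datetime  # inclusive start of this key's validity
    not_after: datetime   # exclusive end of this key's validity

def build_schedule(start, cert_lifetime, slot_lifetime):
    """Split cert_lifetime into back-to-back slots (the last may be shorter)."""
    slots, t, end = [], start, start + cert_lifetime
    while t < end:
        nxt = min(t + slot_lifetime, end)
        slots.append(KeySlot(f"dh-key-{len(slots)}", t, nxt))
        t = nxt
    return slots

def check_schedule(slots, start, cert_lifetime):
    """Return a list of problems; an empty list means the set is well-formed."""
    problems = []
    ordered = sorted(slots, key=lambda s: s.not_before)
    for a, b in zip(ordered, ordered[1:]):
        if b.not_before < a.not_after:
            problems.append(f"{a.key_id}/{b.key_id}: overlap")
        elif b.not_before > a.not_after:
            problems.append(f"{a.key_id}/{b.key_id}: gap")
    total = sum((s.not_after - s.not_before for s in ordered), timedelta())
    if total != cert_lifetime:
        problems.append("interval sum differs from certificate validity")
    if ordered and ordered[0].not_before != start:
        problems.append("first interval does not start with the certificate")
    return problems

def key_for(slots, when):
    """Pick the single key valid at `when`, or None outside the schedule."""
    ordered = sorted(slots, key=lambda s: s.not_before)
    i = bisect_right([s.not_before for s in ordered], when) - 1
    if i >= 0 and when < ordered[i].not_after:
        return ordered[i]
    return None
```

For a 182-day certificate, two-week slots give 13 certified keys and one-hour slots give 4368, which is the size difference between the two lifetimes discussed in this message.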


