On Fri, 5 Feb 2010, Edward Lewis wrote:
> The outcome of the thread was that, if left up to the cryptographic issues, there would be no need to change keys until a key was detected as being broken. This is because the effective lifetime of a key is not determined by the key itself but rather by the determination of the attackers. The moral - you only need to change the key in an emergency.
I don't think that was the outcome at all. As I read it, the outcome was "cryptographers are even more conservative than DNS operators, because key strength is a function of math & money, but the IETF suggested lifetimes were very safe".
> The realization that it isn't the cryptography limiting the usefulness of the key to me is "new thinking." All along I thought that the limitation on the effectivity of a key was the cryptography - but for "good enough keys" the limitation is how comfortable I am going without changing it and how much it costs to change it.
To that I agree.

Paul