Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference


  • From: "Cantor, Scott" <>
  • To: "" <>
  • Subject: Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference
  • Date: Fri, 20 Jul 2012 22:02:20 +0000
  • Accept-language: en-US

On 7/20/12 5:21 PM, "Ian Young" <> wrote:
>
>As a matter of interest, does anyone remember where that particular term
>recommendation come from? Is there some specific line of reasoning here
>about length of time a key should be in use, or is it just an arbitrary
>compromise between the undeniably true "shorter cryptoperiods reduce
>risks" vs. the hassle of key update?

I think it was pretty arbitrary.

>Just to balance that out and prove that the universe isn't prepared to
>give anyone a break, we also have a lot of SPs which handle multiple
>trust fabric certificates in metadata badly. So, yes, every time anyone
>replaces a certificate they lose connectivity to some SPs during the
>transition. It's a huge pain for everyone and it costs the helpdesk a
>lot of time sorting out, because the IdP people don't tend to be
>expecting it and often can't figure out what has gone wrong.

Obviously not the outcome we wanted to have happen, and speaks to the
point that no protocol change will fix this; only abandoning use of the
key entirely would.

Ultimately, we will have to do what the industry decides to do. If the
"extended enterprise" is happy with "TLS and a wink and a nod", that's
where we'll end up. I just don't think that's a responsible thing to do,
myself, so we keep tilting at the windmill. It wasn't as though the key
rollover aspect was particularly hard to implement (vs. the "wield
multiple credentials" part, which definitely is/was).

-- Scott
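The failure mode Ian describes above, SPs that only honour one of several trust-fabric certificates in metadata, is worth seeing in code. The following is an added example, not code from this thread or from any federation software. It parses a constructed SAML 2.0 EntityDescriptor for an IdP that is mid-rollover (two `KeyDescriptor use="signing"` entries, one encryption-only entry) and compares the brittle behaviour (trust only the first signing key, so the IdP loses connectivity the moment it switches to the new one) with explicit-key trust that accepts any signing key the metadata publishes. The certificate bodies are placeholder byte strings rather than real X.509 certificates, and the function names are mine; matching is by SHA-256 fingerprint of the decoded blob.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholders standing in for base64 DER certificates.
OLD_CERT = base64.b64encode(b"constructed-old-idp-signing-certificate").decode()
NEW_CERT = base64.b64encode(b"constructed-new-idp-signing-certificate").decode()
ENC_CERT = base64.b64encode(b"constructed-idp-encryption-certificate").decode()

# Constructed IdP metadata mid-rollover: old and new signing keys published
# side by side, plus an encryption-only key that must never authenticate a peer.
METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.org/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{OLD_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{NEW_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{ENC_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def fingerprint(b64cert: str) -> str:
    """SHA-256 over the decoded certificate bytes; whitespace inside the
    base64 body (common in real metadata) is ignored."""
    der = base64.b64decode("".join(b64cert.split()))
    return hashlib.sha256(der).hexdigest()


def signing_fingerprints(metadata_xml: str, role: str = "IDPSSODescriptor") -> list[str]:
    """Every certificate usable for signing, in document order.
    A KeyDescriptor with no 'use' attribute covers both signing and encryption."""
    root = ET.fromstring(metadata_xml)
    fps = []
    for kd in root.findall(f"md:{role}/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue  # encryption-only key: skip
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            fps.append(fingerprint(cert.text or ""))
    return fps


def trusted_first_only(metadata_xml: str, presented_cert: str) -> bool:
    """The brittle behaviour: only the first published signing key is honoured,
    so the IdP breaks against this SP as soon as it signs with the new key."""
    fps = signing_fingerprints(metadata_xml)
    return bool(fps) and fingerprint(presented_cert) == fps[0]


def trusted_any(metadata_xml: str, presented_cert: str) -> bool:
    """Explicit-key trust: the presented certificate is acceptable if it matches
    any signing key in metadata, which is what makes overlap-based rollover work."""
    return fingerprint(presented_cert) in signing_fingerprints(metadata_xml)


if __name__ == "__main__":
    for label, cert in (("old", OLD_CERT), ("new", NEW_CERT), ("enc", ENC_CERT)):
        print(f"{label}: first-only={trusted_first_only(METADATA, cert)} "
              f"any-signing={trusted_any(METADATA, cert)}")
```

The encryption-only key is deliberately rejected by both variants: a key published for `use="encryption"` is something the SP encrypts *to*, not evidence of who is talking to it. The practical check for an SP operator is the `trusted_any` behaviour: if your software behaves like `trusted_first_only`, every IdP certificate rotation in the federation will cost you an outage, which is exactly the helpdesk load described above.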
