Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference


  • From: "Cantor, Scott" <>
  • To: "" <>
  • Subject: Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference
  • Date: Mon, 23 Jul 2012 13:37:38 +0000
  • Accept-language: en-US

On 7/22/12 8:04 PM, "Tom Scavo" <> wrote:
>
>And so it is. But let me quickly point out (to others following this
>thread) that there's a difference between *replacing* and *migrating* a
>certificate in IdP metadata. The former is done in response to a known or
>suspected key compromise while the latter happens more leisurely,
>presumably as a precautionary measure or to improve interoperability. The
>fact that some SPs don't handle migration very well shouldn't stop an IdP
>from doing it. The alternative (replacing a certificate in metadata) is
>certainly worse.

In practice, they amount to the same thing except that one is
self-inflicted, and the other is obviously necessary. Nobody particularly
begrudges some breakage if their key is compromised, and if anything the
bad part is that the old key will still work for a while for a lot of SPs.

But as a normal course of operation, if stuff is breaking, that change is
no longer something routine and worth doing without a good reason.

-- Scott
