Currently implementation will keep generating new key versions when primary key version is older than rotation age even there are newer key versions exist.
This will become an issue when primary key age > rotation age, and rotation service is triggered at a frequency < propagation time, because it would keep generating new key versions, and the new key versions would never get promoted, and primary key version stays the same.
fix: stop rotating key versions when there are newer (than primary) key versions.
code link: https://github.com/abcxyz/jvs/blob/e99deb918b1221e4b0430003fc15a0319ffabd49/pkg/jvscrypto/rotation_handler.go#L160
Currently implementation will keep generating new key versions when primary key version is older than rotation age even there are newer key versions exist.
This will become an issue when primary key age > rotation age, and rotation service is triggered at a frequency < propagation time, because it would keep generating new key versions, and the new key versions would never get promoted, and primary key version stays the same.
fix: stop rotating key versions when there are newer (than primary) key versions.