Open a-stacey opened 5 years ago
While this is important, I don't think it's important for our prototype, as we'll eventually migrate to X509 certificates issued by an external CA. I'd like to park the issue for the current release.
Original Author: fal05c
Somewhat related to #215. Should we be encouraging our users to conform to reasonable security practices and make sure that they are rotating their keys frequently enough? NIST recommends that 3072 keys should be used where the application deems they need to be used beyond 2030 and so we should ensure that keys which are currently valid of 2046 have an expiry date before this.
https://en.wikipedia.org/wiki/Key_size
It's not immediately clear what the enforcement period should be and whether it should be an absolute max (e.g. 5 years) or depending on the key strength (i.e. 2046 bit keys expire before XXXX).
Original Author: sta358
(Moved with github-migration-0.1.0.0 (package github-migration-0.1.0.0 revision df9f38b))