BR: Enforce that all keys have an expiry date and that there is a maximum date for expiry

[a-stacey]

Somewhat related to #215. Should we be encouraging our uses to conform to reasonable security practices and make sure that they are rotating there keys frequently enough? NIST recommends that 3072 keys should be used where the application deems they need to be used beyond 2030 and so we should ensure that keys which are currently valid of 2046 have an expiry date before this.

The NIST recommends 2048-bit keys for RSA. [15] An RSA key length of 3072 bits should be used if security is required beyond 2030.[16] NIST key management guidelines further suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys.[17]

https://en.wikipedia.org/wiki/Key_size

Its not immediately clear what the enforcement period should be and whether it should be an absolute max (e.g. 5 years) or depending on the key strength (i.e. 2046 bit keys expire before XXXX).

Original Author: sta358

(Moved with github-migration-0.1.0.0 (package github-migration-0.1.0.0 revision df9f38b))

[sarafalamaki]

While this is important, I don't think it's important for our prototype, as we'll eventually migrate to X509 certificates issued by an external CA. I'd like to park the issue for the current release.

Original Author: fal05c