dennisjackson
commented
3 months ago The analysis already answers all three questions regarding key rotation:
Is the proposed problem compelling?
No. It's a symptom of a different problem (security risks of long-lived keys).
To what extent do the drafts solve the problem and under what deployment assumptions?
It functions adequately for clients and server who adopt T.E. / T.A.
How does it compare to the alternatives?
Poorly. Cross-Signings works just as well and is already ubiquitously supported.
These answers are already reflected in the text.
nharper
The usecases document states that its purpose is the following:
My reading of the "Rotating Root Keys" section is that you're saying the problem is not compelling, and root keys don't need to be rotated. Is that correct?
The drafts present rotating root keys as a problem. Even if you think the problem isn't compelling, by changing the framing of your analysis to a different problem, you are failing to evaluate how the drafts solve the stated problem of root key rotation. If the usecases document is going to serve its intended purpose, it needs to evaluate the use cases presented in the drafts.
(This is a follow-up on issue #5. See that issue for details on how the "Rotating Root Keys" section ignores the problem that root key rotation is something that happens and will continue to happen, and how the section instead proposes a different solution that does not rotate root keys.)