I hadn't seen the reference to long-lived keys before. That changes
things considerably. In addition to strong authentication mechanisms,
there has to be quite a lot of other infrastructure to support the
kind of airtight archival that you're suggesting.
I think this is well beyond the scope of the discussion most of this
list is interested in. The web is the Internet's version of instant
gratification, a 90s kind of thing. Long-lived? Future? Lawyers?
> Reply-To: email@example.com
> Sender: firstname.lastname@example.org
> From: Karl Auerbach <email@example.com>
> To: Multiple recipients of list <firstname.lastname@example.org>
> Date: Sat, 13 Aug 1994 21:23:48 +0200
> Subject: Re: Minimal Authorization
> >>zealot, passwords in the clear are no longer an acceptable risk. At
> >>the very least, a challenge-response system is necessary.
> I too appreciate the fact that Steve is listening in.
> What triggered this message is the question:
> Do we have any security requirements that require extremely
> long-lived keys?
> What I'm thinking is whether we need authenticators or signatures or
> whatever that last for ten, twenty, fifty... years.
> I'm concerned about the needs of archivists, research folk, lawyers,
> etc. who will sometime in the distant future need to dig through all
> this stuff that is going to be published.
> Are these real risks or am I being a raving alarmist?