[145188] in cryptography@c2.net mail archive


Re: "Against Rekeying"

daemon@ATHENA.MIT.EDU (John Ioannidis)
Thu Mar 25 08:49:35 2010

Date: Wed, 24 Mar 2010 19:58:16 -0400
From: John Ioannidis <ji@tla.org>
To: Jon Callas <jon@callas.org>
CC: "Perry E. Metzger" <perry@piermont.com>, cryptography@metzdowd.com
In-Reply-To: <881FA93B-5C9C-44D3-9869-2D69B2D93BDE@callas.org>

I think the problem is more marketing and less technology. Some 
marketoid somewhere decided to say that their product supports rekeying 
(they usually call it "key agility"). Probably because they read 
somewhere that you should change your password frequently (another 
misconception, but that's for another show).

Also, there's a big difference between rekeying communications protocols 
and rekeying for stored data. Again, the marketoids don't understand 
this. When I was working for a startup that was making a system which 
included an encrypted file system, people kept asking us about rekeying, 
because "everybody has it".

/ji

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
