Daniel Kahn Gillmor <dkg-mit.edu at fifthhorseman.net> writes: > i agree that it's worthwhile to support expiration policy for > randomly-generated keys. I do too. Audits often require that one rekey a system on a periodic basis, and being able to enforce that with expiration policy is useful. -- Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>