Removing old keys
Tom Yu
tlyu at MIT.EDU
Mon Sep 20 18:42:15 EDT 2010
Nicolas Williams <Nicolas.Williams at oracle.com> writes:
> While an RPC may be useful by itself, I think it what's needed is a
> policy such that sufficiently old keys are deleted on next key change.
>
> The safest policy, ISTM, is delete kvno-3 or kvno-2 on key change. It'd
> be nice too to have a way to flag keys as having been "replicated", as
> may be necessary in cluster situations. (Though clusters also have to
> worry about replay caches, and that's a different topic.)
We have explored some of these possibilities, such as "not valid
before/after" timestamps on each kvno, or "validity" flags on kvnos.
I would consider those alternatives as a longer-term solution in the
evolution of our database abstraction, while the "purge old keys"
capability is something that can be implemented in the short term.
More information about the krbdev
mailing list