<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Mike,<br class=""><div><br class=""><div class="">On 2 Apr 2019, at 09:33, Michael StJohns <<a href="mailto:msj@nthpermutation.com" class="">msj@nthpermutation.com</a>> wrote:</div><div class=""><br class="Apple-interchange-newline"></div><blockquote type="cite" class=""><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
<div class="moz-cite-prefix"></div></div></div></blockquote><blockquote type="cite" class=""><div class=""><div text="#000000" bgcolor="#FFFFFF" class=""><div class="moz-cite-prefix">It is a <u class=""><b class="">monumentally bad idea</b></u>
to retain revoked key material - especially when you don't
actually have any way to use it.</div></div></div></blockquote><div><br class=""></div><div>My concern is that we don't know if we have any way to use it until KSK rollovers stop being science projects.</div><div><br class=""></div><div>The topic that prompted the concern was Warren raising Wouter's old trust anchor link proposal from the dead. I thought Wouter's proposal was a bad idea, years ago and I'm not sure whether Warren's current idea is best described as a recurring bad dream or a prodigal son returning, but it seems silly to rush to a conclusion when we don't need to.</div><div><br class=""></div><div>What is the harm from keeping leaving the KSK-2010 smart cards that are already in the safe there for as long as it takes to have a stable plan in place for rolling the key? This is not a rhetorical question -- you know more about this stuff than I do, and I'm interested in your answer.</div><div><br class=""></div><div>Note that I'm not suggesting that old key materials be hoarded as a general principle; rather that since we don't yet know what we are doing, perhaps we shouldn't act as though we do.</div><div><br class=""></div><div><br class=""></div><div>Joe</div><div><br class=""></div></div></body></html>