Legally rolling them would defeat the point of the request and thus likely out you in contempt. The only solution is to not have the private key itself available to you and design the system such that you don't need it to do the minimal job Adminning the server. It's like having no logs. You can't give away something you don't have. The solution is to design the systems so Americans simply don't have access to the info being requested. On Tuesday, October 22, 2013, coderman wrote:
On Mon, Oct 21, 2013 at 8:57 PM, coderman <coderman@gmail.com<javascript:;>> wrote:
... every time you hand it over, change it.
there's risk of an active attack; and some browser *cough* disabled CRL checks "for performance reasons".
rock and a hard place... still better than nothing to roll them upon delivery.
-- Kelly John Rose Toronto, ON Phone: +1 647 638-4104 Twitter: @kjrose Skype: kjrose.pr Gtalk: iam@kjro.se MSN: msn@kjro.se Document contents are confidential between original recipients and sender.