Legally rolling them would defeat the point of the request and thus likely put you in contempt.

The only solution is to not have the private key itself available to you and design the system such that you don't need it to do the minimal job of adminning the server.

It's like having no logs. You can't give away something you don't have. The solution is to design the systems so Americans simply don't have access to the info being requested.

On Tuesday, October 22, 2013, coderman wrote:

> On Mon, Oct 21, 2013 at 8:57 PM, coderman <coderman@gmail.com> wrote:
> > ...
> > every time you hand it over, change it.
>
> there's risk of an active attack; and some browser *cough* disabled
> CRL checks "for performance reasons". rock and a hard place...
>
> still better than nothing to roll them upon delivery.

--
Kelly John Rose
Toronto, ON
Phone: +1 647 638-4104
Twitter: @kjrose
Skype: kjrose.pr
Gtalk: iam@kjro.se
MSN: msn@kjro.se

Document contents are confidential between original recipients and sender.