|mechanism to delete old keys should exist
|Tue, 22 Oct 2002 22:46:52 -0400 (EDT)
|hartmans@MIT.EDU (Sam Hartman)
We need a mechanism to delete old keys (especially tgt keys) from the
database. One possible mechanism would be start/expire dates on keys.
Another would be a not-valid-yet bit and a command to delete old keys.
The reason you probably want the not-valid-yet bit is to deal with the
time between when the key is generated and the time when it is available on
all replicated servers (AFS and TGT come to mind).