> So enforcing key rollover isn't a concern. The recommended server key
> rotation is primarily about forward secrecy then, I presume.
Draft says:
Erasing old keys provides for forward
secrecy, limiting the scope of what old information can be stolen if
a master key is somehow compromised.
--
These are my opinions. I hate spam.