-62
Private Key Compromise
nTry to minimize impact
uShort validity of signatures
uRegular key-rollover
nRemember: KEYs do not have timestamps in them -- the SIG over the KEY has the
timestamp
nKey exchange involves 2nd party:
uState to be maintained during rollover
uoperationally more expensive