nTry to minimize impact
uShort validity of signatures
uRegular key-rollover
nRemember: KEYs do not have timestamps in them -- the SIG
over the KEY has the timestamp
nKey exchange involves 2nd party:
uState to be maintained during rollover
uoperationally more expensive