From c26ee73aafd211365b3b8bb51ca4466887c9617e Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 31 Mar 2019 18:48:06 +0300 Subject: Add: requirement that signing keys be rotated, distributed securely --- yuck.mdwn | 3 +++ 1 file changed, 3 insertions(+) diff --git a/yuck.mdwn b/yuck.mdwn index 5a4ad2b..3c81250 100644 --- a/yuck.mdwn +++ b/yuck.mdwn @@ -183,6 +183,9 @@ reference in discussions. authentication cannot ever succeed. * (KILLSESSION) It must be possible to kill existing web sessions to kick out someone who is logged in to Yuck. +* (KEYROTATION) The IDP MUST rotate signing keys so that a leaked key + can be easily replaces. The IDP MUST have a secure way to distribute + the key to clients. # Architecture: the ecosystem -- cgit v1.2.1
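Review bot: In the added (KEYROTATION) item, "can be easily replaces" should read "can be easily replaced", and the requirement as worded is hard to test. "MUST rotate signing keys" gives no trigger or interval, so it is unclear whether rotation is periodic, on demand after a suspected leak, or both; stating which would make the requirement verifiable. "distribute the key to clients" also does not say which key is meant; for a signing key, clients should only ever need the verification (public) half, so consider wording such as "a secure way to distribute the new verification key to clients" and stating that the private signing key never leaves the IDP. Finally, the neighbouring (KILLSESSION) item uses lowercase "must" while this one uses "MUST"; pick one convention for the list.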