> Rotating my private key would reduce my risk from an unknown compromise. But not sure by how much.
Therein lies the rub: you index security on knowing you're compromised, whereas most compromise is imperceptible to the user. Rotating credentials reduces risk.
I think this is not fruitful reasoning. Never sharing keys reduces the risk too.
How much does rotating credentials reduce risk? Should I rotate once a year? Once a month?
Rotating every day would be even more secure, right? But how much more? I think not very much.
I must accept some risk to communicate. I accept that I can manage my private key and keep it safe. It’s my identity, so it’s important to prevent leaking that credential. I think it’s better to protect the credential than to frequently rotate with all the potential errors there.
The risk is that I don’t know if I’m compromised. But I think that risk is less than the errors involved in rotating keys according to some arbitrary schedule.
> How much does rotating credentials reduce risk? Should I rotate once a year? Once a month?
As frequently as possible. Signal for example uses ephemeral keys for each message.
> Rotating every day would be even more secure, right? But how much more? I think not very much.
Stop guessing and use empirical evidence to support your reasoning.
> The risk is that I don’t know if I’m compromised. But I think that risk is less than the errors involved in rotating keys according to some arbitrary schedule.
It's arbitrary because you are making a strawman argument to support a foregone conclusion.
> Signal for example uses ephemeral keys for each message.
There’s a big difference between identity keys and session keys. It makes total sense to use lots of throwaway keys (this is how TLS works) but making a new identity key for every message is madness.
There is no empirical evidence for how frequently to rotate your identity keys.
A few years ago NIST started recommending never changing passwords unless they are compromised [0]. Identity keys aren’t exactly the same as passwords but I think they are similar.
I don’t think anyone quantifies how much of a benefit there is to changing your password nor how frequently to change it. “As frequently as possible” is not useful advice as that could be every minute or never. I need more actionable guidance so I can weigh it against other priorities.
> There’s a big difference between identity keys and session keys. It makes total sense to use lots of throwaway keys (this is how TLS works) but making a new identity key for every message is madness.
That's not what happens (new identity for each message) and compromise of a Signal identity key has no impact on message security, unlike GPG. Also it's not how all TLS works; it's how TLS works with perfect secrecy ciphers only.
> There is no empirical evidence for how frequently to rotate your identity keys.
Certainly not if you refuse to look for it.
> A few years ago NIST started recommending never changing passwords unless they are compromised
Passwords derive session keys (cookies) which rotate very frequently. You have a lot to learn about computer security; I'm happy to make some reading recommendations if you're sincerely interested.