by gtsteve 2164 days ago
There are other use-cases. For example, you can crypto-shred an unlimited amount of data just by deleting the key associated with it.

You can also set up workflows such as your client owning the encryption key that encrypts data held by you and they can revoke it at any time. Slack has a similar system and I was asked by a large financial institution about the same. I expect to see this more in future.


> For example, you can crypto-shred an unlimited amount of data just by deleting the key associated with it.

Sounds like a great target for ransomware crews!

Yes indeed! But you mark the key for deletion and there's a minimum time of 7 days before it is deleted and during that time you can't use it. You've got quite a while to realise there's a problem and fix it.
How many critical domains and TLS certs expire with many months of notice? In a proper shop, someone will be alerted. Most places are not on the ball, and that alert is going to go entirely unnoticed.
You'll probably notice your disks not mounting and your VMs not starting up and your users not being able to take data etc. Or not, depends on how frequently accessed it is.

We'd definitely notice.

This sounds reasonable.
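The waiting period discussed in this thread only helps if someone sees the pending deletion before it completes. The following is an added example, not code from any commenter: a small monitor that reads key-management audit events and reports keys still scheduled for deletion, most urgent first. It assumes the events look like AWS KMS CloudTrail records (`ScheduleKeyDeletion`, `CancelKeyDeletion`, `pendingWindowInDays`); the thread does not name the service, and the sample events, key IDs and ARNs are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events, shaped like AWS KMS CloudTrail records (assumption).
SAMPLE_EVENTS = [
    {"eventTime": "2024-03-01T10:00:00Z", "eventName": "ScheduleKeyDeletion",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
     "requestParameters": {"keyId": "key-aaaa", "pendingWindowInDays": 7}},
    {"eventTime": "2024-03-02T09:00:00Z", "eventName": "ScheduleKeyDeletion",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
     "requestParameters": {"keyId": "key-bbbb", "pendingWindowInDays": 30}},
    {"eventTime": "2024-03-03T09:00:00Z", "eventName": "CancelKeyDeletion",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
     "requestParameters": {"keyId": "key-bbbb"}},
    {"eventTime": "2024-03-05T10:00:00Z", "eventName": "ScheduleKeyDeletion",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/example-ci"},
     "requestParameters": {"keyId": "key-cccc", "pendingWindowInDays": 7}},
]


def parse_time(value):
    """Parse an ISO-8601 UTC timestamp of the form 2024-03-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def pending_deletions(events, now, urgent_hours=72):
    """Return keys still scheduled for deletion at `now`, soonest deadline first."""
    pending = {}
    for ev in sorted(events, key=lambda e: parse_time(e["eventTime"])):
        params = ev.get("requestParameters") or {}
        key_id = params.get("keyId")
        if ev.get("eventName") == "ScheduleKeyDeletion" and key_id:
            days = params.get("pendingWindowInDays", 30)  # 30 when the caller omits it
            pending[key_id] = {
                "key_id": key_id,
                "scheduled_by": (ev.get("userIdentity") or {}).get("arn", "unknown"),
                # Deadline computed from the request time plus the waiting period.
                "deletes_at": parse_time(ev["eventTime"]) + timedelta(days=days),
            }
        elif ev.get("eventName") == "CancelKeyDeletion":
            pending.pop(key_id, None)  # a cancel clears the pending state
    report = []
    for item in pending.values():
        hours_left = (item["deletes_at"] - now).total_seconds() / 3600
        report.append({**item, "hours_left": hours_left, "urgent": hours_left <= urgent_hours})
    return sorted(report, key=lambda r: r["hours_left"])


if __name__ == "__main__":
    for row in pending_deletions(SAMPLE_EVENTS, datetime(2024, 3, 6, 10, tzinfo=timezone.utc)):
        print(row["key_id"], row["scheduled_by"], round(row["hours_left"]), row["urgent"])
```

Routing the `urgent` rows to a paging channel rather than a mailbox addresses the concern raised above about alerts that go unnoticed.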