Paint my car black.
So you do all the prep work, car's primed with a dark primer, black paint is mixed and ready to go, then this change request comes in:
Paint my car white.
Well, now you've wasted the paint you just tinted black, and you can't paint white on top of dark primer (well, you can, but you need many more coats), so you've got to redo the prep work. That means waiting while the primer fully cures, so you can sand it off properly; otherwise, it'll gum your sandpaper. Then re-prime, then you can paint. Assuming you don't see
Paint my car forest green.
in the meantime.
That was one word. Yes, one line matters.
The rules are eight pages. However, the details with respect to forbearance, the regulations from which we will not be taking action—that alone is 79 pages. Moreover, sprinkled throughout the document, there are uncodified rules — rules that won’t make it in the code of federal regulations that people will have to comply with in the private sector. On top of that, there are things that aren’t going to be codified, such as the Internet Conduct Standard, where the FCC will essentially say that it has carte blanche to decide which service plans are legitimate and which are not, and the FCC sort of hints at what factors it might consider in making that determination.
Okay, let's break that down:
The rules are eight pages.
Pretty clear. Rules = code. 8 pages of rules will be codified.
However, the details with respect to forbearance, the regulations from which we will not be taking action—that alone is 79 pages.
An additional 79 pages of rules that could have been codified won't be. Can they be later? Sure, whether they were in this document or not, they can always be written and voted on later.
Moreover, sprinkled throughout the document, there are uncodified rules — rules that won’t make it in the code of federal regulations that people will have to comply with in the private sector.
Oh, look, more rules they considered, but that didn't make it into the 8 pages that will be codified.
On top of that, there are things that aren’t going to be codified, such as the Internet Conduct Standard, where the FCC will essentially say that it has carte blanche to decide which service plans are legitimate and which are not, and the FCC sort of hints at what factors it might consider in making that determination.
Even more things they talked about that didn't make it into the 8 pages that will be codified.
For reference, to codify means to turn into law.
In short, it's 300+ pages of shit they discussed before arriving at the 8-page subsection of the existing Title II that will apply to internet services. We don't get to see the 8 pages of stuff that does apply, or the 300+ pages of discussion that does not, just yet; however, a reasonable person can probably guess which of the 33 pages of Title II might have made it into the applicable 8 pages.
That said, I wouldn't expect you to have that ability.
You can change your key, but everyone is made AWARE the key has changed and you have to INFORM them why it changed and for what reason and they have to accept it or not.
Or, someone else changes the key, MITM's the site, injects a brief explanation of why the key was changed into a banner on the page (oh, but you have to accept the new key in order to see that, assuming the site uses SSL everywhere as it should) or spoofs an email with the explanation, or spoofs a social media campaign with the explanation, whatever.
Maybe they target an individual user, that user gets the spoofed email and sees the spoofed tweets, and accepts the new key. Company would never be the wiser, since no fake notices would go out publicly, and the user, well...
This would work for you, this would work for me, hell it'd work for a handful of people here, because we know to spend longer than the time it takes to click "OK" to investigate these things. The real problem with your solution is that 99.999% of users either don't know to do that, or simply don't think it's a big enough deal to warrant actually doing it. You think it'd be a better situation based on your experience with a few competent and security-minded people, but the reality is we're the minority and the situation would end up much worse as a result.
but it does mean that the terrorist has to improve his security hygiene to remain undetected.
And what happens when they do? Why actively encourage them to make themselves harder to catch?
the key you received in 2005 is the key you use in 2015
Unless the other endpoint was compromised at some point and legitimately changed their key as a mitigation measure. Solve that problem and we'll be in agreement.