
Comment Re:It is supposed to change (Score 1) 233

What reasons are there to cause one to want to generate a new key instead of reusing the old one?

For the same reasons that you would rotate passwords. It is just a precaution in case it was accidentally leaked. When changing the certificate anyway, there is no inconvenience to the users from replacing the key, so you might as well replace it. It would, for example, help a bit in case an old backup of the webserver had been leaked. The difference in security is minor though; there are much greater threats from insecure CAs.

Comment It is supposed to change (Score 1) 233

Certificates have an expiry date. They are supposed to be changed before the expiry date is reached. On a well managed system, you'll never see a certificate which has less than a week left of its validity period. Once the certificates are changed, it should be considered best practice to rotate the server key as well, so the new certificate will always be signing a different key from the previous certificate.

It would be nice to have more information to verify the correctness of the new certificate than just the existing CA certificate chain. I would like to see a small extension to SSL where the server can tell the client that any new certificate will be signed using the current certificate. When the client is told that, it can cache the current certificate and warn the user if it sees a new certificate lacking a chain from the old to the new certificate.

Comment IOMMU (Score 4, Informative) 125

Yes, when I saw this I thought that this was a reason to make motherboard IOMMUs a security feature. Also, the DMA destination memory pages should not have the executable bit turned on. Recent generations of Intel/AMD CPUs have provided the ability to turn that bit off.

Comment Re:Backstory? (Score 4, Informative) 51

It does seem insane. I mean, how can the court not see that this case is clearly about killing Vimeo and, by extension, video sharing sites? How can they expect all employees to be 100% diligent? It's never going to happen. If the only option to adhere to Safe Harbor is to have a Google-class content filter, YouTube is going to be the only game in town in the US.

The legal fees alone are the killer. Veoh won every round, but had to go out of business due to the legal fees.

Comment Re:Backstory? (Score 4, Insightful) 51

Maybe it's not about killing Vimeo, but rather making it "play nice" the way YouTube has: Pay for sync licensing of the music and support the licensing costs with ads.

In my experience, their primary goal in every instance is to put people out of business, if at all possible. YouTube has been 'playing nice' with them for many years, but they haven't dropped the pending case.

Comment Re:Backstory? (Score 1, Informative) 51

The blog post linked from TFS is a brief (~70 word) summary of the recent development with no links to other posts on your blog for the background on the story, only the big PDF of the decision.

The decision, IMHO, gives you what you need to know about the facts of the case in order to understand the significance of the decision. 56 pages is enough reading in my view, for our purposes. If you want more you can go on PACER and get hundreds of additional pages from the case file.

Comment Re:Backstory? (Score 4, Informative) 51

1. I don't have a paralegal to work on my blog. I do all this stuff myself.

2. The guiding principle of Recording Industry vs The People since its inception in 2005 has always been that it is designed for readers who are smart enough, and serious enough, to read the actual litigation document rather than let someone else tell them what it means.

3. The blog post doesn't link to Slashdot for "more details"; it links to it for "Commentary & discussion".

4. Most Slashdotters, I have found, do read the story and litigation document... not every word, but enough to form their own opinions.

5. And no, thanks, I am not looking for you to explain to me what the decision says; I read it, and I know exactly what it says.

Submission + - Vimeo held covered by DMCA safe harbor

NewYorkCountryLawyer writes: "In a recent 56-page decision (PDF) in Capitol Records v. Vimeo, LLC, a federal court in Manhattan found Vimeo to be covered by the Digital Millennium Copyright Act, rejecting Capitol Records' arguments that it was not entitled to the statute's "safe harbor". However, Vimeo is not yet out of the woods in this particular case, as the Court found factual issues — requiring a trial — as to 10 of the videos on the question of whether they were uploaded at the direction of Vimeo users, and as to 55 of the videos whether Vimeo had actual knowledge, or red flag knowledge, as to the existence of an infringement."
