support for transitioning to a new key (aka key rotation)

[GoogleCodeExporter]

What new or enhanced feature are you proposing?

Support for transitioning to a new key.

What goal would this enhancement help you achieve?

Each munged currently supports a single cryptographic key. If a group of hosts needs to transition to a new key, there will be a time interval where some hosts have transitioned to the new key while other hosts are still using the old key. Support is needed to allow authentication between hosts during this time interval where both the old and new keys are valid. Furthermore, after this time interval has elapsed, the old key needs to be (automatically) marked invalid.

Requested by Flux: because signed jobs in the queue might sit there for a long time and be invalidated if we had to change the munge key.

Original issue reported on code.google.com by chris.m.dunlap on 9 Jan 2013 at 8:42