One can have special long-term keys as well as the normal two-year keys.
Long-term keys should have much longer modulus lengths and be stored more
securely than two-year keys. If a long-term key expires in 50 years, any
document signed with it would remain valid within that time. A problem with
this method is that any compromised key must remain on the relevant CRL
until expiration (see Question 3.3.11); if 50-year keys are
routinely placed on CRLs, the CRLs could grow in size to unmanageable
proportions. This idea can be modified as follows. Register the long-term
key by the normal procedure, i.e., for two years. At expiration time, if it
has not been compromised, the key can be recertified, that is, issued a new
certificate by the certifying authority, so that the key will be valid for
another two years. Now a compromised key only needs to be kept on a CRL for
at most two years, not fifty.

One problem with the previous method is that someone might try to invalidate a
long-term contract by refusing to renew his key. This problem can be
circumvented by registering the contract with a digital time-stamping service
(see Question 3.3.18) at the time it is originally signed. If all parties to
the contract keep a copy of the time-stamp, then each can prove that the
contract was signed with valid keys. In fact, the time-stamp can prove the
validity of a contract even if one signer's key gets compromised at some point
after the contract was signed. This time-stamping solution can work with all
signed digital documents, not just multi-party contracts.
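The recertification, bounded-CRL and time-stamp scheme described above, as an added example that is not part of the original FAQ: the `CA` archive, the integer day timeline, and the reduction of a time-stamped signature to a `(key_id, signed_on)` pair are assumptions of this example, not part of any real PKI implementation.

```python
from dataclasses import dataclass, field

YEAR = 365  # constructed simplification: integer day numbers, no leap days

@dataclass
class Cert:
    key_id: str
    not_before: int  # first valid day
    not_after: int   # last valid day (inclusive)

@dataclass
class CA:
    certs: dict = field(default_factory=dict)    # key_id -> [Cert, ...] (archive)
    revoked: dict = field(default_factory=dict)  # key_id -> (revoked_on, cert_expiry)

    def certify(self, key_id, day, term=2 * YEAR):
        cert = Cert(key_id, day, day + term)
        self.certs.setdefault(key_id, []).append(cert)
        return cert

    def recertify(self, key_id, day):
        # A compromised key is never reissued; otherwise it gets another two years.
        if key_id in self.revoked:
            raise ValueError(f"{key_id} is compromised")
        return self.certify(key_id, day)

    def cert_covering(self, key_id, day):
        return next((c for c in self.certs.get(key_id, [])
                     if c.not_before <= day <= c.not_after), None)

    def revoke(self, key_id, day):
        cert = self.cert_covering(key_id, day)
        if cert is None:
            raise ValueError(f"{key_id} has no certificate to revoke on day {day}")
        self.revoked.setdefault(key_id, (day, cert.not_after))

    def published_crl(self, day):
        # The CRL issued on `day` lists a revoked key only until its current
        # certificate expires, so no entry lingers for more than two years.
        return sorted(k for k, (rev, exp) in self.revoked.items() if rev <= day <= exp)

    def key_valid_on(self, key_id, day):
        # Historical check against the CA archive: certified on `day` and not yet revoked.
        rev = self.revoked.get(key_id)
        return self.cert_covering(key_id, day) is not None and not (rev and rev[0] <= day)

def contract_valid(ca, stamps):
    # stamps: (key_id, signed_on) pairs vouched for by the time-stamping service.
    # The contract stands if every signer's key was valid on its stamped day,
    # whatever happened to that key afterwards (non-renewal or compromise).
    return all(ca.key_valid_on(key_id, signed_on) for key_id, signed_on in stamps)
```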