A few months ago, Tatu Ylonen (creator of SSH 1.x) declared that lax key management was hazardous. Now there's work being done on a standard for automated key management. hypnosec sent in the news; quoting Parity News on the content of the draft: "It presents a process that would allow for moving of already issued keys to protected location, removal of unused keys, key rotation, providing rights of what can be done with the keys and establishing an approval process for issue of new keys."
There's a non-WG mailing list; the final version of the standard is expected in October.