On Wed, 2011-10-12 at 13:49 -0600, Kevin Fenzi wrote:
> On Wed, 12 Oct 2011 20:19:27 +0200
> Henrik Nordström <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
>
> > The password change is understandable, but why force an SSH key change
> > with such short notice?
>
> Short? 1.5 months?
>
> How long would you like?
>
> > And what if the SSH key is a hard token (smartcard) which can not be
> > copied or trivially changed? Switching to a soft key would be mostly
> > counter-productive from a security point of view. Now I was not
> > currently using my hard token smartcard key for Fedora for other
> > reasons but I would have been quite annoyed by this change requirement
> > if I were.
>
> If you can't change your token, then I would posit you have a problem.
> What if you KNEW your private key was compromised? Surely there is a
> way to generate a new one...

If your token has been compromised you throw it away. Or it will be
compromised again evidently because there is a way to extract keys (keep
in mind HW tokens like that are tamper-proof).

> > But even then, the security of Fedora accounts is no stronger than the
> > security of the email associated with an account. Quite pointless to
> > try to bolster the security very high when all that is needed to take
> > over a standard Fedora account is to have access to the email
> > (account or traffic) of the Fedora account. Sure, a full account
> > takeover is more likely to get noticed than a stolen password, but it
> > still sets the level of expected security.
>
> Yeah, ideally we would do more here with gpg.

Sure so next time you also force me to change my gpg key and throw away
years of web of trust? No thanks!

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel