On Thu, 30 Jan 2020, Christian, Mark wrote:

> However, when alice is no longer authorized, and assuming her cert is
> still valid, you're going to want to use some configuration mgmt to
> manage RevokedKeys, otherwise ensure that alice's cert is valid for a
> short period of time.

AFAIK most organisations that use ssh certificates give them short
(~1 day) lifetimes to avoid the risk of lingering authority, but it's
still useful to have a tested revocation path for the odd case where
you actively need to kill a key/cert.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
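
The two practices discussed in the message above, as an added example that is not part of the original post: issue a one-day certificate, then rehearse revocation with a KRL and confirm that `ssh-keygen -Q` reports the certificate as revoked. The throwaway CA, the keys for alice and bob, serial 1001 and all file paths are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: short-lived user certificate plus a rehearsed KRL revocation.
# The CA, the users "alice" and "bob", serial 1001 and all paths are constructed.
set -eu

# Issue a one-day certificate for $1/alice.pub, signed by a throwaway CA in $1.
issue_short_lived_cert() {
    local dir=$1
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$dir/ca"
    ssh-keygen -q -t ed25519 -N '' -C alice -f "$dir/alice"
    # -V +1d bounds the lifetime; -z sets a serial that a KRL can reference.
    ssh-keygen -q -s "$dir/ca" -I alice -n alice -z 1001 -V +1d "$dir/alice.pub"
}

# Succeeds (exit 0) when KRL $1 revokes the key or certificate in $2.
# ssh-keygen -Q exits non-zero for a revoked key and also on error, so
# an unreadable KRL counts as "revoked" here (fail closed).
is_revoked() {
    ! ssh-keygen -Q -f "$1" "$2" >/dev/null 2>&1
}

# Rehearse the revocation path: the cert must pass before and fail after.
revocation_drill() {
    local dir rc=1
    dir=$(mktemp -d)
    issue_short_lived_cert "$dir"
    ssh-keygen -q -t ed25519 -N '' -C bob -f "$dir/bob"

    # Start from a KRL that revokes only an unrelated key (bob's).
    ssh-keygen -q -k -f "$dir/revoked.krl" "$dir/bob.pub"
    if is_revoked "$dir/revoked.krl" "$dir/alice-cert.pub"; then
        rm -rf "$dir"
        return 1    # false positive: alice must still be accepted here
    fi

    # Kill alice's certificate: -u updates the existing KRL in place.
    # A certificate with a non-zero serial is revoked by serial under its CA.
    ssh-keygen -q -k -u -f "$dir/revoked.krl" "$dir/alice-cert.pub"
    is_revoked "$dir/revoked.krl" "$dir/alice-cert.pub" && rc=0
    rm -rf "$dir"
    return "$rc"
}

revocation_drill
echo "revocation path verified: cert accepted before update, revoked after"
```

For sshd to enforce the result, the RevokedKeys option in sshd_config must name the KRL file on every server, which is the part the quoted message leaves to configuration management.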