On Wed, 12 Oct 2011 20:19:27 +0200
Henrik Nordström <henrik(a)henriknordstrom.net> wrote:
> The password change is understandable, but why force an SSH key change
> with such short notice?
Short? 1.5 months?
How long would you like?
> And what if the SSH key is a hard token (smartcard) which can not be
> copied or trivially changed? Switching to a soft key would be mostly
> counter-productive from a security point of view. Now I was not
> currently using my hard token smartcard key for Fedora for other
> reasons but I would have been quite annoyed by this change requirement
> if I were.
If you can't change your token, then I would posit you have a problem.
What if you KNEW your private key was compromised? Surely there is a
way to generate a new one...
> And why is so much of the Fedora infrastructure relying on plain text
> password exchanges (within SSL, but still plain text at the Fedora
> servers) when there is both HTTP digest authentication (no plaintext
> seen by Fedora servers) and SSL certificates and SSH keys which all
> three serve a much better identification method?
Please feel free to jump in and help code such changes. :)
We are an open source infrastructure and I'm sure patches and ideas even
would be welcome.
> And you forgot the one most important DON'T in the list. Never use the
> same password for two different systems. Do not use the same password
> for Fedora account as you use for Hotmail / GMail / At Work /
> Facebook / Whatever.
Yeah, I kept adding things, but the email was already really long. ;(
> But even then, the security of Fedora accounts is no stronger than the
> security of the email associated with an account. Quite pointless to
> try to bolster the security very high when all that is needed to take
> over a standard Fedora account is to have access to the email
> (account or traffic) of the Fedora account. Sure, a full account
> takeover is more likely to get noticed than a stolen password, but it
> still sets the level of expected security.
Yeah, ideally we would do more here with gpg.
kevin