On Wed, 12 Oct 2011 16:40:07 -0400
seth vidal <skvidal(a)fedoraproject.org> wrote:
On Wed, 2011-10-12 at 22:34 +0200, Tomas Mraz wrote:
> Unnecessary work is kind of punishment.
>
> BTW what prevents the people who do not care about their SSH
> private key security from uploading their new SSH key to a compromised
> system immediately after they generate it again?
Nothing prevents them from doing it. But this action, here, today, is
trying to stave off risk from PAST compromises of others' systems. It
is not trying to stave off FUTURE compromises.
It's like changing your house locks if you lose your keys. Nothing
keeps you from losing your keys again - but you're completely certain
that the old keys are useless now.
I for one am fairly certain that the folks who left their private keys
on public systems will do that again, fairly quickly. I am also fairly
certain that they are not following this debate.
--
Bernd Stramm
bernd.stramm(a)gmail.com