Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Simo Sorce simo at redhat.com
Wed Oct 12 20:24:28 UTC 2011


On Wed, 2011-10-12 at 13:49 -0600, Kevin Fenzi wrote:
> On Wed, 12 Oct 2011 20:19:27 +0200
> Henrik Nordström <henrik at henriknordstrom.net> wrote:
> 
> > The password change is understandable, but why force an SSH key change
> > with such short notice?
> 
> Short? 1.5 months? 
> 
> How long would you like?
> 
> > And what if the SSH key is a hard token (smartcard) which cannot be
> > copied or trivially changed? Switching to a soft key would be mostly
> > counter-productive from a security point of view. Now, I was not
> > currently using my hard token smartcard key for Fedora for other
> > reasons but I would have been quite annoyed by this change requirement
> > if I were.
> 
> If you can't change your token, then I would posit you have a problem.
> What if you KNEW your private key was compromised? Surely there is a
> way to generate a new one... 

If your token has been compromised, you throw it away. Or it will be
compromised again evidently because there is a way to extract keys (keep
in mind HW tokens like that are tamper-proof).

> > But even then, the security of Fedora accounts is no stronger than the
> > security of the email associated with an account. Quite pointless to
> > try to bolster the security very high when all that is needed to take
> > over a standard Fedora account is to have access to the email
> > (account or traffic) of the Fedora account. Sure, a full account
> > takeover is more likely to get noticed than a stolen password, but it
> > still sets the level of expected security.
> 
> Yeah, ideally we would do more here with gpg. 

Sure, so next time you also force me to change my gpg key and throw away
years of web of trust? No thanks!

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


