Proposal for action: SSH Key, User Cert and Password Flag Day
Adam M. Dutko
dutko.adam at gmail.com
Mon Sep 12 16:01:34 UTC 2011
I think a "security event driven" change policy would be more
effective than an arbitrary change policy driven by a deadline.
LinuxCode asked me about this in #fedora-noc after I mentioned:
"... there is conflicting evidence (one might call it 'opinion' more
than evidence) as to whether frequent changes are effective ... just a
thought"
The article that precipitated this comment was one published by Bruce
Schneier [0]. Again, this is "yet another opinion."
SOURCES:
[0] http://www.schneier.com/blog/archives/2010/11/changing_passwo.html
More information about the infrastructure
mailing list