ssh private keys on our systems
Kevin Fenzi
kevin at scrye.com
Thu Sep 29 20:09:14 UTC 2011
On Thu, 29 Sep 2011 15:16:03 -0400
seth vidal <skvidal at fedoraproject.org> wrote:
> Hi,
>
> I'd like to put a new policy in place which goes something like this:
>
> If you upload your private keys (encrypted or not) we will remove
> them, then we will remove your public keys from FAS and force you to
> login and give a new one in FAS.
>
> We do the last step on the basis that your private key, being on a
> networked, multi-user machine is now exposed to the world and
> potentially compromised. So we can no longer trust it.
>
> thoughts?
+∞
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20110929/f9b41db9/attachment.bin
More information about the infrastructure
mailing list