OpenSSH daemon security bug?

Michael Stone mstone at mathom.us
Wed Jan 6 23:50:50 EST 2010


On Tue, Jan 05, 2010 at 05:19:37PM -0800, you wrote:
> You _can_ enforce private key expiry, if you wish,

You can do all sorts of things, and people are doing those things. But 
those people have thought out the risks and made sure that they've 
mitigated them as well as they can in their environment--not just blindy 
trusted that "keys are better". I'm merely trying to get people 
thinking, not saying that keys are inherently less secure.

Mike Stone


More information about the openssh-unix-dev mailing list