On 07/26/2013 11:26 PM, Brian wrote: > On Fri 26 Jul 2013 at 12:55:04 +0300, Lars Noodén wrote: > >> disabling that key and making a new one for yourself. It's a good idea >> for keys to be rotated periodically anyway. > > Does this 'good idea' have reasons to support it?
It is for much the same reasons that passwords are rotated. It was mainly this draft that convinced me: http://datatracker.ietf.org/doc/draft-ylonen-sshkeybcp/?include_text=1 It mentions rotating the keys in several places. There is also this one, which is about storage, but IMHO applies also to connection. https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet#Rule_-_Rekey_data_at_least_every_one_to_three_years Regards, /Lars -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51f38d41.1000...@gmail.com
