
And that's pretty much the exact same infrastructure you'd need for distributing authorized_keys.

Instant revocation seems to be a giant hole in this article's argument which isn't addressed at all. If you fire somebody partway through the work day, end-of-day cert expiry is not good enough to prevent compromises.



Active reconfiguration doesn't work well if your machines aren't unconditionally reachable.


Hm, that is true.



