[90974] in North American Network Operators' Group
RE: key change for TCP-MD5
daemon@ATHENA.MIT.EDU (David Schwartz)
Thu Jun 22 18:20:18 2006
From: "David Schwartz" <davids@webmaster.com>
To: "Nanog@Nanog. Org" <nanog@nanog.org>
Date: Thu, 22 Jun 2006 15:19:11 -0700
In-Reply-To: <82D3D80C-9193-4C5D-9A80-EE5D9CF1582A@muada.com>
> How often do you think keys should change?
Arguably, any time someone who had access to the key is no longer supposed
to have such access.
> I've never had anyone ask
> to change keys for about 50 session-years.
I guess the question is whether that's because they really
never needed to, really didn't think about it, or really didn't want to suffer
the hassle and so just accepted the risk.
DS