29 Jan
2006
29 Jan
'06
8:26 p.m.
in that if I compromise a machine that has proxy certs going thru it, I can revoke all subsequent proxies for the whatever proxy certs
Why is that bad? Let's try an analogy. Suppose my super secret password is exposed on machine B -- or better, machine B is totally compromised. It's in a chain of my logins and jobs connecting A->B->C. Since my account on B could presumably do lots of things, run lots of jobs & make other network connections, wouldn't you want to lock it once it machine B had been corrupted? Too bad about the lost work, but what's the better alternative?