undefined | Better HN

story

0 pointsAlexandrB4y ago0 comments

> Other commenters have mentioned sync

Isn't this an anti-feature? The ability to revoke an SSH key specific to a stolen laptop from a server or your Github account seems like a benefit. Using the same SSH key on every machine is a downgrade.

On the other hand, the ability to manage access to shared keys is really nice.

0 comments

Yeri4y ago

I guess rotating one key is easier though. Just update in 1psw and done.

tialaramex4y ago

But why are you "rotating" keys? Most of the reasons people give involve unnecessary exposure of the private key material, which is exactly what you're encouraging by having 1password keep these keys instead of them living on individual hardware.

Yeri4y ago

Well keeps are also shared via chat or emails and people exit the company. Sure taking out one key is more precise but rotating all is probably easier

tialaramex4y ago

You may notice they aren't called "Fun size sharing keys" or "Family pack keys" but instead "Private keys" because of that word "Private".

You don't need to wait for people to "exit the company". Sharing private keys was wrong, invalidate those keys. If somebody else knows your private key it isn't private any more. Get this stuff right and rotating keys is unecessary, get it wrong and rotating keys can't help you.

kristjansson4y ago

Presumably if the laptop is stolen, the key isn’t exposed because it’s in 1Password, and the attacker doesn’t have your master password?

j / k navigate · click thread line to collapse

0 comments

Yeri4y ago

I guess rotating one key is easier though. Just update in 1psw and done.

tialaramex4y ago

Yeri4y ago

Well keeps are also shared via chat or emails and people exit the company. Sure taking out one key is more precise but rotating all is probably easier

tialaramex4y ago

You may notice they aren't called "Fun size sharing keys" or "Family pack keys" but instead "Private keys" because of that word "Private".

kristjansson4y ago

Presumably if the laptop is stolen, the key isn’t exposed because it’s in 1Password, and the attacker doesn’t have your master password?

j / k navigate · click thread line to collapse