Folks, Just came across an article which talks about SSH being updated – specifically to focus on key management. A key quote from the article: “The IETF draft standard describes a process "for discovering who has access to what, bringing an existing IT environment under control with respect to automated access and SSH keys." It says "the process includes moving authorised keys to protected locations, removing unused keys, associating authorised keys with a business process or application and removing keys for which no valid purpose can be found, rotating existing keys, restricting what can be done with each authorised key, and establishing an approval process for new authorised keys." It's all part of what's supposed to be continuous monitoring and authorised key setup.” Article:
http://news.techworld.com/security/3441261/father-of-ssh-working-on-new-version-of-crypto-standard/?cmpid=TD1N2&no1x1&olo=daily%20newsletter RFC Draft:
http://www.ietf.org/id/draft-ylonen-sshkeybcp-01.txt Perhaps a good candidate for use-case construction/enumeration? Thanks, Bob Robert Burns Security Principal THALES Information Systems Security Phone: 954.888.6215
robert.burns@thalesesec.com