Comment 66 for bug 1490804

Brant Knudson (blk-u) wrote : Re: PKI Token Revocation Bypass

Tristan - The only thing I can think of is the user revokes their own tokens because they're concerned that it's been exposed. So they think they're stopping the 3rd party from using their token but the 3rd party can still use the token by modifying it slightly (until the token expires).

Yes, the typical concern would be an admin thinks the user's old tokens are revoked but they're still usable until they expire.