[Pulp-dev] Pulp 3: using JWT to request a JWT
Jeremy Audet
jaudet at redhat.com
Thu Nov 30 17:21:58 UTC 2017
Good points.
> Another scenario: someone tcpdumps my traffic (yes, somehow they have the
SSL cert, work with this assumption for now). They can come back 3 days
from now, browse the tcpdump output, and renew the token. That would not be
possible with a short-lived token and no renewal past expiration.
Renewal with expired tokens isn't being proposed. This is a straw man
argument.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20171130/3fb63ad5/attachment.htm>
More information about the Pulp-dev
mailing list