-
@davidcrawshaw @Tailscale yeah you are right of course, notifications sound easy but getting it right is hard how about duringPermalink
tailscale upit would tell you something like "NOTE: This key will be valid for X months, you will need to reauthenticate when the key expire. To disable expiry do go to Y"
Mood +3 🙂
-
@davidcrawshaw @Tailscale I am also curious though about the reasoning behind 6 month expiry. Is it documented somewhere? I understand the threat model of forgotten/decommissioned devices re-joining, but what else? How about deactivate inactive keys after 6 months (and allow reactivation)?Permalink
Mood -1 🙁
-
@davidcrawshaw @Tailscale And on the topic of notification, how about a notification if a expired key is trying to rejoin? That seems like a rare enough thing that would be worth a email notification. In my case I only found about the key expiry after I had fixed it (accidentally).
Mood +2 🙂