I didn't see any mention of having the keys expire by date (and upon use). Unused keys may get left in logs or mail folders so you can mitigate some risk here. More importantly, if an unexpired key is pending use and another is requested you should send the same key again so you don't risk confusing the user with keys that don't work.
Also, instead of locking down the recovery mechanism why not use something external? Refusing to email a key for a privileged account requires another admin to generate the hash and send it via a trusted mechanism. -david _______________________________________________ PDXRuby mailing list [email protected] IRC: #pdx.rb on irc.freenode.net http://lists.pdxruby.org/mailman/listinfo/pdxruby
