Good points.

> Another scenario: someone tcpdumps my traffic (yes, somehow they have the SSL cert, work with this assumption for now). They can come back 3 days from now, browse the tcpdump output, and renew the token. That would not be possible with a short-lived token and no renewal past expiration.

Renewal with expired tokens isn't being proposed. This is a straw man argument.
_______________________________________________
Pulp-dev mailing list
https://www.redhat.com/mailman/listinfo/pulp-dev
