Open
Description
Would it make sense to have the `-setup` argument default to using the `cached` touch policy instead of the `always` policy?
Cached: a touch is not needed if the YubiKey had been touched in the last 15 seconds, otherwise a touch is needed
Only suggesting as I ended up in this situation
- Generated a key using `yubikey-agent`
- Deployed it to a bunch of servers
- Discovered that when doing a set of `git` actions that connect to GitHub 3 or 4 times, the `always` touch policy that the key was generated with requires touching the YubiKey 4 times in a row to make 4 connections
It's very possible though that choosing the `always` touch policy is intentional and there's a good security story for this choice, in which case feel free to disregard my suggestion.
berezovskyi