Context

It was reported as https://issues.jenkins.io/browse/SECURITY-2425, but considered as an improvement instead of a vulnerability. The documentation was updated in https://github.com/jenkinsci/remoting/pull/476.
Also discussed in https://github.com/jenkinsci/docker-inbound-agent/pull/76#issuecomment-1329019981.

Idea

Currently the HMAC is generated using the agent name, which is deterministic. It could be also potentially reused, generating potential issues. Having a randomly generated secret during agent creation could ease reusability of name and configuration through JCasC.