IETF-SSH archive
WG Chair comments on draft-ietf-secsh-agent-01.txt
Two comments:
 1) "split" references (there's only one and it's normative)
 2) security considerations section doesn't mention the case where you
    do an ssh-add into a forwarded agent connection.  While this
    exchange is protected via encryption, it does involve casually
    moving a long-term public keypair over the net to a remote system,
    which should raise a few eyebrows..
It is not clear to me what we should do about this.  Either we should:
a) suggest that implementations detect and warn about this case,
or 
b) redesign the protocol so that SSH_AGENT_PRIVATE_KEY_OP requests
 flow towards the node with the key rather than having all keys and
 requests flow to the "root" agent.
Any comments from the rest of the WG?
						- Bill
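
Option (a) above, sketched as an added example that is not part of the original message or of the draft: a shell wrapper that warns before ssh-add sends a key into what looks like a forwarded agent connection. It assumes OpenSSH-style environment variables (SSH_AUTH_SOCK, SSH_CONNECTION, SSH_AGENT_PID) and ssh-add flags; the function names and the heuristic itself are hypothetical.

```shell
#!/bin/sh
# Added example: heuristic for "detect and warn" (option a).
# Assumption: OpenSSH-style environment. sshd sets SSH_CONNECTION in a
# remote login session; a locally started ssh-agent sets SSH_AGENT_PID,
# while a forwarded agent socket has no local agent process behind it.

# classify_agent SOCK CONNECTION AGENT_PID
# Prints one of: none, local, forwarded. Always returns 0.
classify_agent() {
    sock=$1; conn=$2; agent_pid=$3
    if [ -z "$sock" ]; then
        echo none          # no agent socket configured
    elif [ -n "$agent_pid" ] && kill -0 "$agent_pid" 2>/dev/null; then
        echo local         # an agent process on this host is alive
    elif [ -n "$conn" ]; then
        echo forwarded     # remote session and no local agent process
    else
        echo local         # console session: socket belongs to this host
    fi
    return 0
}

# guarded_ssh_add ARGS...
# Asks for confirmation before key material would leave this host.
guarded_ssh_add() {
    # Listing, deleting and locking do not transmit a private key.
    case "${1:-}" in
        -l|-L|-d|-D|-x|-X) ssh-add "$@"; return ;;
    esac
    kind=$(classify_agent "${SSH_AUTH_SOCK:-}" "${SSH_CONNECTION:-}" \
                          "${SSH_AGENT_PID:-}")
    if [ "$kind" = forwarded ]; then
        echo "warning: ${SSH_AUTH_SOCK} looks like a forwarded agent connection;" >&2
        echo "the private key would be sent to an agent on another host." >&2
        printf 'Continue? [y/N] ' >&2
        read -r answer || answer=
        [ "$answer" = y ] || return 1
    fi
    ssh-add "$@"
}
```

The check is advisory only: a stale SSH_AGENT_PID or a hand-set SSH_AUTH_SOCK can defeat it, which is part of why option (b) changes the protocol instead.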