IETF-SSH archive


WG Chair comments on draft-ietf-secsh-agent-01.txt



Two comments:

 1) "split" references (there's only one and it's normative)

 2) security considerations section doesn't mention the case where you
    do an ssh-add into a forwarded agent connection.  While this
    exchange is protected via encryption, it does involve casually
    moving a long-term public keypair over the net to a remote system,
    which should raise a few eyebrows.

It is not clear to me what we should do about this.  Either we should:

a) suggest that implementations detect and warn about this case,

or 

b) redesign the protocol so that SSH_AGENT_PRIVATE_KEY_OP requests
 flow towards the node with the key rather than having all keys and
 requests flow to the "root" agent.

Any comments from the rest of the WG?

						- Bill
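One way an implementation could act on option (a), as an added example that is not from the draft or from this thread: a POSIX shell wrapper that refuses ssh-add when the current shell is itself an SSH session (sshd sets SSH_CONNECTION) and an agent socket is present, which is the usual signature of a forwarded agent. The function names, the SSH_ADD_FORWARD_OK override and the sample values are assumptions.

```shell
#!/bin/sh
# Added example (not from draft-ietf-secsh-agent or this thread): detect the
# "ssh-add into a forwarded agent" case before a private key is sent upstream.
# Heuristic: sshd sets SSH_CONNECTION in every session it starts. If that is
# set AND SSH_AUTH_SOCK points at a socket, the agent behind the socket is
# almost always the client's own agent forwarded over the connection, so an
# ssh-add here would move the key over the network to the "root" agent.
# Caveat: an agent started locally on the remote host (e.g. by keychain) also
# trips this check; the override exists for that case.
# Function names and the SSH_ADD_FORWARD_OK override are assumptions.

# is_forwarded_agent <SSH_CONNECTION value> <SSH_AUTH_SOCK value>
# Returns 0 (and prints the reason) when the agent looks forwarded, 1 otherwise.
is_forwarded_agent() {
    conn=$1
    sock=$2
    [ -n "$sock" ] || return 1          # no agent reachable at all
    [ -n "$conn" ] || return 1          # local login: the agent is local too
    echo "agent at $sock is reached from an SSH session ($conn)"
    return 0
}

# safe_ssh_add_check <SSH_CONNECTION value> <SSH_AUTH_SOCK value> <override>
# Returns 0 when it is fine to proceed, 2 when ssh-add should be refused.
safe_ssh_add_check() {
    if is_forwarded_agent "$1" "$2" >/dev/null; then
        if [ "$3" = "1" ]; then
            echo "warning: adding key to a forwarded agent (override set)" >&2
            return 0
        fi
        echo "refusing: this would copy the private key to the remote agent;" >&2
        echo "set SSH_ADD_FORWARD_OK=1 to proceed anyway" >&2
        return 2
    fi
    return 0
}

# Drop-in wrapper: use 'safe_ssh_add <ssh-add args>' instead of ssh-add.
safe_ssh_add() {
    safe_ssh_add_check "${SSH_CONNECTION:-}" "${SSH_AUTH_SOCK:-}" \
        "${SSH_ADD_FORWARD_OK:-0}" || return $?
    ssh-add "$@"
}
```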
