IETF-SSH archive
WG Chair comments on draft-ietf-secsh-agent-01.txt
Two comments:

1) "split" references (there's only one and it's normative)

2) security considerations section doesn't mention the case where you
   do an ssh-add into a forwarded agent connection. While this
   exchange is protected via encryption, it does involve casually
   moving a long-term public keypair over the net to a remote system,
   which should raise a few eyebrows..

It is not clear to me what we should do about this. Either we should:

a) suggest that implementations detect and warn about this case,

or

b) redesign the protocol so that SSH_AGENT_PRIVATE_KEY_OP requests
   flow towards the node with the key rather than having all keys and
   requests flow to the "root" agent.

Any comments from the rest of the WG?

- Bill