IETF-SSH archive
Re: WG Chair comments on draft-ietf-secsh-agent-01.txt
On Tue, 15 Jul 2003, Bill Sommerfeld wrote:
> Two comments:
>
> 1) "split" references (there's only one and it's normative)
>
> 2) security considerations section doesn't mention the case where you
> do an ssh-add into a forwarded agent connection. While this
> exchange is protected via encryption, it does involve casually
> moving a long-term public keypair over the net to a remote system,
> which should raise a few eyebrows..
>
> It is not clear to me what we should do about this. Either we should:
>
> a) suggest that implementations detect and warn about this case,
>
> or
>
> b) redesign the protocol so that SSH_AGENT_PRIVATE_KEY_OP requests
> flow towards the node with the key rather than having all keys and
> requests flow to the "root" agent.
Or maybe both: if it can be migrated, do so, and the implementation SHOULD warn.
In fact, if the key is actually in an HSM it may not be possible to
migrate the actual key to the "root" agent anyway, so we might actually want
to forward the request to the "owning" agent in some cases. However, I could
be convinced the practical aspects of having access to an HSM (like a
smartcard) on the remote machine are such that this may be unlikely and thus
we don't need to complicate the protocol.
--
Darren J Moffat