IETF-SSH archive
Re: WG Chair comments on draft-ietf-secsh-agent-01.txt
On Wed, 16 Jul 2003, Simon Tatham wrote:
> Bill Sommerfeld <sommerfeld%east.sun.com@localhost> wrote:
> > 2) security considerations section doesn't mention the case where you
> > do an ssh-add into a forwarded agent connection. While this
> > exchange is protected via encryption, it does involve casually
> > moving a long-term public keypair over the net to a remote system,
> > which should raise a few eyebrows.
>
> Hmm. I tend to see it the other way round. In the designed usage
> model, the real agent is running on your _local_ system, which is
> usually the only one you trust with your private keys. If you do an
> ssh-add from a remote system, the potential problem is not the
> transfer of the key to your trusted local machine: it's the fact
> that the remote system somewhere on the Internet which you're
> transferring the key _from_ had access to both the key file and the
> passphrase. Or, if you're concerned about attacks on the network
> connection between them, then the damage is probably already done
> once you've typed the passphrase through your SSH connection.
I think the key words in Bill's comment above are 'over the net', not
'remote'. I do think that moving a long-term keypair over the net is
indeed not something to be done casually.
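As an added example (not part of this thread, and not OpenSSH's own code), here is a small POSIX shell check a user could run before ssh-add to notice that the key is about to be sent into a forwarded agent connection, i.e. across the network, which is the case Bill's comment is about. It assumes OpenSSH conventions: sshd sets SSH_CONNECTION in the sessions it spawns and places a forwarded agent socket under /tmp/ssh-*/agent.<pid>; the ALLOW_FORWARDED_SSH_ADD variable is a name chosen here for the override.

```shell
#!/bin/sh
# Added example, not from the thread. Decide, before running ssh-add,
# whether the private key would travel over a forwarded agent connection.
# Assumptions (OpenSSH behaviour): sshd sets SSH_CONNECTION in remote
# sessions, and a forwarded agent socket lives at /tmp/ssh-*/agent.<pid>.

# Usage: agent_is_forwarded "$SSH_CONNECTION" "$SSH_AUTH_SOCK"
# Prints one of: forwarded, local-agent, no-agent.
# Returns 0 only for "forwarded" so callers can branch on it.
agent_is_forwarded() {
    conn=$1
    sock=$2
    if [ -z "$sock" ]; then
        echo no-agent          # nothing to ssh-add into at all
        return 1
    fi
    if [ -n "$conn" ]; then
        # We are inside a session started by sshd; a socket in sshd's
        # forwarding directory means the agent is on the other end of
        # the SSH connection, so ssh-add would ship the key over the net.
        case $sock in
            /tmp/ssh-*/agent.*)
                echo forwarded
                return 0
                ;;
        esac
    fi
    echo local-agent           # agent runs on this host (or no remote session)
    return 1
}

# Wrapper around ssh-add that refuses to load a key into a forwarded agent
# unless the caller sets ALLOW_FORWARDED_SSH_ADD=1 (variable name assumed).
safe_ssh_add() {
    if [ "$(agent_is_forwarded "$SSH_CONNECTION" "$SSH_AUTH_SOCK")" = forwarded ] \
       && [ "${ALLOW_FORWARDED_SSH_ADD:-0}" != 1 ]; then
        echo "ssh-add: SSH_AUTH_SOCK=$SSH_AUTH_SOCK is a forwarded agent;" >&2
        echo "         the private key would be sent over the network. Aborting." >&2
        return 2
    fi
    ssh-add "$@"
}
```

The classification is deliberately conservative: a socket outside sshd's forwarding directory (for example one created by a local ssh-agent on the remote host) is reported as local-agent, since in that case the key stays on the host where it was typed, and the concern Simon raises (that host already saw the key file and passphrase) applies regardless of what this check says.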