IETF-SSH archive


Re: agent draft (was Re: Secure Shell: Milestone Update.)



> [T]here's a broader architectural question involved with agent
> forwarding.

> Namely, the SSH_AGENT_ADD_KEY request involves sending a valuable
> private signature key with normally unbounded lifetime over the wire
> protected only by SSH's underlying cryptographic channel.

True, as far as it goes.

> This exposes the private key far more than most protocols,

True.

> and precludes use of hardware tokens (such as smart cards) which
> allow cryptographic operations to be requested without providing all
> users with a copy of the key.

False, fortunately.

There is no reason why SSH_AGENT_ADD_KEY has to be the only mechanism
for rendering the agent capable of handling a PRIVATE_KEY_OP request.
An agent could easily have some private channel to a smartcard; such an
agent might well come up with the appropriate key already installed, or
might have it appear mid-run (as if some other client had added it, as
far as all clients are concerned).

It is probably beyond our scope to try to define how such an agent
might talk to its smartcard or whatever, or how it would be configured
to do so - but there is nothing in what we've got that prevents it from
being done if someone cares to.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
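As an added example, not part of the message above or of the agent draft it discusses, the following Python sketches the architecture der Mouse describes: the agent's handling of a PRIVATE_KEY_OP request is the same whether the key was installed by SSH_AGENT_ADD_KEY (private exponent sent over the agent channel) or provisioned out of band from a token that only ever returns signatures. Everything beyond the two message names is an assumption of this example: requests are reduced to method calls rather than the draft's wire encoding, `SimulatedToken` and the fingerprint scheme are invented, and the "RSA" is textbook RSA over two small primes with no padding, readable but in no way secure.

```python
"""Added example (not the draft's or the author's code): one agent, two key
backends, one PRIVATE_KEY_OP dispatch. Toy RSA for readability only."""
import hashlib
import math
from typing import Dict, List, Protocol, Tuple

PublicKey = Tuple[int, int]  # (n, e)


def toy_keypair(p: int, q: int) -> Tuple[int, int, int]:
    """Return (n, e, d) for two primes. Toy-sized, demonstration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in (3, 5, 7, 11, 13, 17, 65537) if math.gcd(c, phi) == 1)
    return n, e, pow(e, -1, phi)


def digest_mod(data: bytes, n: int) -> int:
    """Hash, then reduce so the signed value fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def verify(public: PublicKey, data: bytes, sig: int) -> bool:
    """What the server does: needs only the public half."""
    n, e = public
    return pow(sig, e, n) == digest_mod(data, n)


class Signer(Protocol):
    """All the agent needs from any key source to answer PRIVATE_KEY_OP."""
    def public(self) -> PublicKey: ...
    def sign(self, data: bytes) -> int: ...


class SoftwareKey:
    """Installed via SSH_AGENT_ADD_KEY: the agent process itself holds d."""
    def __init__(self, n: int, e: int, d: int) -> None:
        self.n, self.e, self.d = n, e, d

    def public(self) -> PublicKey:
        return (self.n, self.e)

    def sign(self, data: bytes) -> int:
        return pow(digest_mod(data, self.n), self.d, self.n)


class SimulatedToken:
    """Assumed stand-in for a smartcard: exposes a public-key read and a
    sign operation, and nothing that returns d."""
    def __init__(self, n: int, e: int, d: int) -> None:
        self._n, self._e = n, e
        self.__d = d  # name-mangled, and deliberately no accessor

    def public(self) -> PublicKey:
        return (self._n, self._e)

    def sign_digest(self, m: int) -> int:
        return pow(m, self.__d, self._n)


class SmartcardKey:
    """Agent-side handle for a token-resident key: no private material here."""
    def __init__(self, token: SimulatedToken) -> None:
        self._token = token

    def public(self) -> PublicKey:
        return self._token.public()

    def sign(self, data: bytes) -> int:
        return self._token.sign_digest(digest_mod(data, self.public()[0]))


class Agent:
    """Keys indexed by a short fingerprint of the public half (assumed scheme)."""
    def __init__(self) -> None:
        self._keys: Dict[str, Signer] = {}

    @staticmethod
    def fingerprint(public: PublicKey) -> str:
        return hashlib.sha256(repr(public).encode()).hexdigest()[:16]

    def _install(self, signer: Signer) -> str:
        fp = self.fingerprint(signer.public())
        self._keys[fp] = signer
        return fp

    def add_key(self, n: int, e: int, d: int) -> str:
        """SSH_AGENT_ADD_KEY: d arrives over the agent channel."""
        return self._install(SoftwareKey(n, e, d))

    def attach_token(self, token: SimulatedToken) -> str:
        """Out-of-band provisioning: to clients the key simply appears mid-run,
        but nothing secret was ever sent to the agent."""
        return self._install(SmartcardKey(token))

    def list_keys(self) -> List[str]:
        return sorted(self._keys)

    def public_key(self, fp: str) -> PublicKey:
        return self._keys[fp].public()

    def private_key_op(self, fp: str, data: bytes) -> int:
        """PRIVATE_KEY_OP: identical dispatch whatever the backend."""
        return self._keys[fp].sign(data)

    def holds_private_exponent(self, fp: str) -> bool:
        """What a dump of the agent's memory would reveal for this key."""
        return hasattr(self._keys[fp], "d")


def demo() -> Dict[str, bool]:
    """Constructed run: one key added over the channel, one from a token."""
    agent = Agent()
    fp_soft = agent.add_key(*toy_keypair(65521, 65537))   # d crosses the channel
    fp_card = agent.attach_token(SimulatedToken(*toy_keypair(8191, 131071)))
    challenge = b"constructed session id || userauth request"  # constructed input
    return {
        "both_listed": set(agent.list_keys()) == {fp_soft, fp_card},
        "soft_sig_ok": verify(agent.public_key(fp_soft), challenge,
                              agent.private_key_op(fp_soft, challenge)),
        "card_sig_ok": verify(agent.public_key(fp_card), challenge,
                              agent.private_key_op(fp_card, challenge)),
        "soft_key_in_agent": agent.holds_private_exponent(fp_soft),
        "card_key_in_agent": agent.holds_private_exponent(fp_card),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point the run makes is the last two entries of `demo()`: both keys are listed and both produce signatures the server accepts, but only the ADD_KEY-installed key leaves its private exponent in the agent's address space. A real implementation would replace `SimulatedToken` with a PKCS#11 or similar driver and keep the draft's actual message encoding; the dispatch in `private_key_op` would not need to change.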


