Re: agent draft (was Re: Secure Shell: Milestone Update.)

To: ietf-ssh%netbsd.org@localhost
Subject: Re: agent draft (was Re: Secure Shell: Milestone Update.)
From: Simon Tatham <anakin%pobox.com@localhost>
Date: Fri, 18 Mar 2005 10:37:29 +0000

Bill Sommerfeld  <sommerfeld%sun.com@localhost> wrote:
>  3) if the agent is the only trusted one and the remote system is not
> trusted to see the cleartext private key, the key could be stored
> remotely in encrypted form and decrypted
> by the agent (using a passphrase or other means).  (very different use
> model.)

The PuTTY team has had quite a lot of requests for a use model like
this, because it provides other desirable features such as the
ability to store all your keys encrypted until they're first needed
and ask for their passphrases as required.

The slightly fiddly bit is that there's currently no standard for
the format of an encrypted private key, and every implementation I
know of has its own format and would probably be reluctant to switch
to a standard one. Therefore I was planning to implement this (if
and when I get round to it at all) by means of a user-defined-
extension mechanism in the agent protocol, rather than attempting to
suggest a standardised form.
-- 
Simon Tatham         "My heart bleeds.
<anakin%pobox.com@localhost>    (That's how it works.)"   -- Gareth Taylor

Follow-Ups:
- Re: agent draft (was Re: Secure Shell: Milestone Update.)
  - From: Niels Möller

References:
- Re: agent draft (was Re: Secure Shell: Milestone Update.)
  - From: Bill Sommerfeld

Prev by Date: Re: Secure Shell: Milestone Update.
Next by Date: Re: Secure Shell: Milestone Update.
Previous by Thread: Re: agent draft (was Re: Secure Shell: Milestone Update.)
Next by Thread: Re: agent draft (was Re: Secure Shell: Milestone Update.)
Indexes:

Home | Main Index | Thread Index | Old Index