IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: agent draft updated
Damien Miller <djm%mindrot.org@localhost> writes:
> IMO the agent protocol is widely deployed and is therefore worth
> documenting, so I'd like to see this become an RFC,
I agree that would be useful. I'm involved in a couple of projects that
use the ssh agent protocol as a simple and general-purpose interface for
accessing a signing oracle, using the required ssh formats for keys but
otherwise not tightly coupled to the ssh protocols.
>From this perspective, it would make sense to vew the agent protocol as
two sub-protocols, one for querying and using private keys (basically
sections "4.4. Requesting a list of keys" and " "4.5. Private key
operations" in your draft), which I view as the signing oracle
interface. The remaining operations are a protocol for managing keys
handled by the agent.
E.g., in the ssh context, it would make some sense for ssh agent
forwarding to only expose the signing oracle interface, and possibly
exposing only a subset of the agent's keys.
Regards,
/Niels
--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
Home |
Main Index |
Thread Index |
Old Index