IETF-SSH archive


Re: agent draft updated



Damien Miller <djm%mindrot.org@localhost> writes:

> IMO the agent protocol is widely deployed and is therefore worth
> documenting, so I'd like to see this become an RFC,

I agree that would be useful. I'm involved in a couple of projects that
use the ssh agent protocol as a simple and general-purpose interface for
accessing a signing oracle, using the required ssh formats for keys but
otherwise not tightly coupled to the ssh protocols.

From this perspective, it would make sense to view the agent protocol as
two sub-protocols, one for querying and using private keys (basically
sections "4.4. Requesting a list of keys" and "4.5. Private key
operations" in your draft), which I view as the signing oracle
interface. The remaining operations are a protocol for managing keys
handled by the agent.

E.g., in the ssh context, it would make some sense for ssh agent
forwarding to only expose the signing oracle interface, and possibly
exposing only a subset of the agent's keys.

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
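The split Niels describes, as an added example that is not part of the original mail or of any real agent implementation: a filter that sits on a forwarded agent channel, passes through only the two "signing oracle" requests (request identities, sign request), answers everything else with SSH_AGENT_FAILURE, and trims both the identities answer and the set of keys a sign request may name to a configured subset. Message numbers and the uint32/string wire encoding follow the agent draft; the ed25519 key blobs, comments and the upstream agent's reply are constructed fixtures, and `OracleFilter`, `sign_request` and `demo` are names chosen for this example.

```python
"""Filtering proxy for the "signing oracle" subset of the SSH agent protocol.

Added example, not code from the mail or from any agent. Only the
key-listing and signing requests are forwarded, and only an allowed
subset of keys is visible or usable through the filter.
"""
import struct

# Message numbers from the agent protocol draft.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENTC_REMOVE_ALL_IDENTITIES = 19

# The signing-oracle sub-protocol: the only client requests we forward.
ORACLE_REQUESTS = {SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENTC_SIGN_REQUEST}


def put_string(b: bytes) -> bytes:
    """SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def get_string(buf: bytes, off: int):
    """Parse an SSH 'string' at offset; return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def frame(msg_type: int, payload: bytes = b"") -> bytes:
    """Wrap one agent message: uint32 length, byte type, payload."""
    body = bytes([msg_type]) + payload
    return struct.pack(">I", len(body)) + body


def unframe(buf: bytes):
    """Split one framed message off the front; return (type, payload, rest)."""
    if len(buf) < 4:
        raise ValueError("short frame")
    (n,) = struct.unpack_from(">I", buf, 0)
    if n < 1 or len(buf) < 4 + n:
        raise ValueError("incomplete frame")
    body = buf[4:4 + n]
    return body[0], body[1:], buf[4 + n:]


def ed25519_blob(pk: bytes) -> bytes:
    """Public key blob in ssh-ed25519 wire format (constructed fixture)."""
    return put_string(b"ssh-ed25519") + put_string(pk)


def sign_request(blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """Framed SSH_AGENTC_SIGN_REQUEST: string key, string data, uint32 flags."""
    return frame(SSH_AGENTC_SIGN_REQUEST,
                 put_string(blob) + put_string(data) + struct.pack(">I", flags))


class OracleFilter:
    """Sits between a forwarded client and the real agent (hypothetical name)."""

    def __init__(self, allowed):
        self.allowed = set(allowed)  # public key blobs the client may use

    def filter_request(self, msg: bytes):
        """Return (forward, reply): the message to pass upstream, or a
        locally generated SSH_AGENT_FAILURE when the request is refused."""
        t, payload, rest = unframe(msg)
        if rest:
            raise ValueError("expected exactly one message")
        if t not in ORACLE_REQUESTS:
            # Key management (add/remove/lock/...) never crosses the boundary.
            return None, frame(SSH_AGENT_FAILURE)
        if t == SSH_AGENTC_SIGN_REQUEST:
            blob, off = get_string(payload, 0)
            _data, off = get_string(payload, off)
            if off + 4 != len(payload):
                raise ValueError("malformed sign request")
            if blob not in self.allowed:
                # Not an oracle for keys outside the subset, even if the
                # upstream agent holds them.
                return None, frame(SSH_AGENT_FAILURE)
        return msg, None

    def filter_reply(self, msg: bytes) -> bytes:
        """Rewrite IDENTITIES_ANSWER so only allowed keys are listed."""
        t, payload, rest = unframe(msg)
        if rest:
            raise ValueError("expected exactly one message")
        if t != SSH_AGENT_IDENTITIES_ANSWER:
            return msg
        (nkeys,) = struct.unpack_from(">I", payload, 0)
        off, kept = 4, []
        for _ in range(nkeys):
            blob, off = get_string(payload, off)
            comment, off = get_string(payload, off)
            if blob in self.allowed:
                kept.append(put_string(blob) + put_string(comment))
        if off != len(payload):
            raise ValueError("trailing data in identities answer")
        return frame(SSH_AGENT_IDENTITIES_ANSWER,
                     struct.pack(">I", len(kept)) + b"".join(kept))


# Constructed fixtures: the upstream agent holds two keys, one is exposed.
KEY_A = ed25519_blob(bytes(range(32)))
KEY_B = ed25519_blob(bytes(range(32, 64)))
PROXY = OracleFilter({KEY_A})


def upstream_identities_answer() -> bytes:
    """What an agent holding both keys would reply (constructed)."""
    body = struct.pack(">I", 2)
    body += put_string(KEY_A) + put_string(b"laptop")
    body += put_string(KEY_B) + put_string(b"ci-deploy")
    return frame(SSH_AGENT_IDENTITIES_ANSWER, body)


def demo() -> dict:
    """Exercise listing, signing with a hidden key, and key management."""
    fwd, _ = PROXY.filter_request(frame(SSH_AGENTC_REQUEST_IDENTITIES))
    _, payload, _ = unframe(PROXY.filter_reply(upstream_identities_answer()))
    (visible,) = struct.unpack_from(">I", payload, 0)
    _, reply_b = PROXY.filter_request(sign_request(KEY_B, b"session-id"))
    _, reply_r = PROXY.filter_request(frame(SSH_AGENTC_REMOVE_ALL_IDENTITIES))
    return {"list_forwarded": fwd is not None, "visible_keys": visible,
            "hidden_key_sign": unframe(reply_b)[0],
            "remove_all": unframe(reply_r)[0]}
```

The filter refuses before forwarding rather than relying on the upstream agent: a client on the far end of a forwarded channel should not even learn that KEY_B exists, and a sign request naming it is answered locally with SSH_AGENT_FAILURE. Only the message framing and the listed field layouts are parsed; anything else (signature contents, flags semantics) is passed through untouched, which keeps the filter independent of the key algorithms in use.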


