IETF-SSH archive


Re: agent draft updated



On Tue, 15 Aug 2023, Niels Möller wrote:

> Damien Miller <djm%mindrot.org@localhost> writes:
> 
> > IMO the agent protocol is widely deployed and is therefore worth
> > documenting, so I'd like to see this become an RFC,
> 
> I agree that would be useful. I'm involved in a couple of projects that
> use the ssh agent protocol as a simple and general-purpose interface for
> accessing a signing oracle, using the required ssh formats for keys but
> otherwise not tightly coupled to the ssh protocols.
> 
> From this perspective, it would make sense to view the agent protocol as
> two sub-protocols, one for querying and using private keys (basically
> sections "4.4. Requesting a list of keys" and "4.5. Private key
> operations" in your draft), which I view as the signing oracle
> interface. The remaining operations are a protocol for managing keys
> handled by the agent.

I've updated the draft with an extra paragraph in the Protocol Overview
section that emphasises that agents may implement subsets of
functionality or restrict functionality in particular contexts.

https://www.ietf.org/archive/id/draft-miller-ssh-agent-08.html#name-protocol-overview

I don't think it makes sense to be too proscriptive around whether/how
the protocol could be split, because lots of options are possible but
not many of them are common.

> E.g., in the ssh context, it would make some sense for ssh agent
> forwarding to only expose the signing oracle interface, and possibly
> exposing only a subset of the agent's keys.

OpenSSH does indeed do this via some extensions:
https://www.openssh.com/agent-restrict.html
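For readers who want to see the two sub-protocols in concrete terms, the following is an added example (it is not code from the draft, from OpenSSH, or from anyone in this thread). It models an agent that implements only the "signing oracle" subset discussed above: it answers SSH_AGENTC_REQUEST_IDENTITIES and SSH_AGENTC_SIGN_REQUEST and returns SSH_AGENT_FAILURE for every key-management message (add, remove, lock, unlock). The message numbers and the wire encodings (uint32 frame length, type byte, SSH "string" fields, signature as "string algorithm, string bytes") follow draft-miller-ssh-agent. The demo key and its signer are constructed for the example: the key blob has the shape of an ssh-ed25519 public key, but the signer is a keyed-hash stand-in rather than real Ed25519, since the point shown is the protocol framing and dispatch, not the cryptography.

```python
import hashlib
import hmac
import struct

# Message numbers from draft-miller-ssh-agent.
SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14
SSH_AGENTC_ADD_IDENTITY = 17
SSH_AGENTC_REMOVE_IDENTITY = 18
SSH_AGENTC_REMOVE_ALL_IDENTITIES = 19
SSH_AGENTC_LOCK = 22
SSH_AGENTC_UNLOCK = 23


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': big-endian uint32 length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at offset; return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated string length")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off + 4:off + 4 + n], off + 4 + n


def frame(msg: bytes) -> bytes:
    """Prefix a message (type byte + payload) with the uint32 length used on the socket."""
    return struct.pack(">I", len(msg)) + msg


def unframe(data: bytes) -> bytes:
    """Strip the length prefix; reject short frames and trailing bytes."""
    if len(data) < 5:
        raise ValueError("frame too short")
    (n,) = struct.unpack_from(">I", data, 0)
    if n != len(data) - 4:
        raise ValueError("frame length mismatch")
    return data[4:]


# --- client side of the signing-oracle subset ---------------------------------

def build_request_identities() -> bytes:
    return frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))


def build_sign_request(key_blob: bytes, data: bytes, flags: int = 0) -> bytes:
    return frame(bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
                 + ssh_string(data) + struct.pack(">I", flags))


def parse_identities_answer(reply: bytes):
    """Return [(public key blob, comment), ...] from an IDENTITIES_ANSWER."""
    msg = unframe(reply)
    if msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected reply type %d" % msg[0])
    (nkeys,) = struct.unpack_from(">I", msg, 1)
    off, keys = 5, []
    for _ in range(nkeys):
        blob, off = read_string(msg, off)
        comment, off = read_string(msg, off)
        keys.append((blob, comment.decode()))
    if off != len(msg):
        raise ValueError("trailing bytes in identities answer")
    return keys


def parse_sign_response(reply: bytes):
    """Return (algorithm, raw signature), or None if the agent answered FAILURE."""
    msg = unframe(reply)
    if msg[0] == SSH_AGENT_FAILURE:
        return None
    if msg[0] != SSH_AGENT_SIGN_RESPONSE:
        raise ValueError("unexpected reply type %d" % msg[0])
    sigblob, _ = read_string(msg, 1)
    alg, o = read_string(sigblob, 0)   # signature = string alg, string bytes
    raw, _ = read_string(sigblob, o)
    return alg.decode(), raw


# --- agent side: signing-oracle subset only -----------------------------------

class SigningOracleAgent:
    """Serves list/sign requests; every management or malformed request gets FAILURE."""

    def __init__(self, keys):
        # keys: iterable of (public key blob, comment, sign(data, flags) -> (alg, raw))
        self.keys = {blob: (comment, sign) for blob, comment, sign in keys}

    def handle(self, request: bytes) -> bytes:
        try:
            msg = unframe(request)
            if msg[0] == SSH_AGENTC_REQUEST_IDENTITIES:
                body = struct.pack(">I", len(self.keys))
                for blob, (comment, _) in self.keys.items():
                    body += ssh_string(blob) + ssh_string(comment.encode())
                return frame(bytes([SSH_AGENT_IDENTITIES_ANSWER]) + body)
            if msg[0] == SSH_AGENTC_SIGN_REQUEST:
                blob, off = read_string(msg, 1)
                data, off = read_string(msg, off)
                (flags,) = struct.unpack_from(">I", msg, off)
                if off + 4 != len(msg) or blob not in self.keys:
                    return frame(bytes([SSH_AGENT_FAILURE]))  # unknown key / junk
                alg, raw = self.keys[blob][1](data, flags)
                sig = ssh_string(alg) + ssh_string(raw)
                return frame(bytes([SSH_AGENT_SIGN_RESPONSE]) + ssh_string(sig))
        except (ValueError, struct.error, IndexError):
            pass
        # ADD/REMOVE/LOCK/UNLOCK, unknown types and malformed frames all land here.
        return frame(bytes([SSH_AGENT_FAILURE]))


# Constructed demo key (assumption: not a real key).  Blob is shaped like an
# ssh-ed25519 public key; the signer is a keyed-hash stand-in, not Ed25519.
DEMO_SECRET = b"demo-secret-not-a-real-key"
DEMO_PUBKEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x11" * 32)


def demo_signer(data: bytes, flags: int):
    return b"ssh-ed25519", hmac.new(DEMO_SECRET, data, hashlib.sha256).digest()


def demo_exchange():
    """Run one client/agent exchange; return (keys, signature, refused, add_reply_type)."""
    agent = SigningOracleAgent([(DEMO_PUBKEY_BLOB, "demo key", demo_signer)])
    keys = parse_identities_answer(agent.handle(build_request_identities()))
    sig = parse_sign_response(agent.handle(build_sign_request(keys[0][0], b"hello")))
    refused = parse_sign_response(agent.handle(build_sign_request(b"other", b"hello")))
    add = unframe(agent.handle(frame(bytes([SSH_AGENTC_ADD_IDENTITY]))))[0]
    return keys, sig, refused, add


if __name__ == "__main__":
    print(demo_exchange())
```

Two details worth noting for anyone implementing the oracle side for real: the agent should fail closed on anything it does not understand (the generic SSH_AGENT_FAILURE reply, as above), and the signature returned in SSH_AGENT_SIGN_RESPONSE is itself an SSH signature structure (algorithm name plus raw bytes), so a client that needs only the raw bytes still has to unpack two nested strings.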

