IETF-SSH archive


Re: agent draft updated



I would suggest that before standardizing the agent protocol, we should first document the existing one. IMHO this is best done as an informational RFC submitted via the independent submission stream (see https://www.rfc-editor.org/about/independent/).

Once that is done, if there is any new work to do, and you are willing to cede change control to the IETF, then it would seem appropriate to do a follow-on document, perhaps on the standards track. I don't think the SSH community has the energy to form a new working group, but we've had good luck on this mailing list with using the process for non-wg documents. 

-- Jeff 

On Wed, Aug 16, 2023, 04:43 Simon Tatham <anakin%pobox.com@localhost> wrote:

Damien Miller <djm%mindrot.org@localhost> wrote:
> Sorry for missing that. I've uploaded a new draft with Ed25519 generalised
> to EDDSA:

Looks good, thanks.

Another thing I don't see in this document is how it ties in to the SSH
protocol itself, via agent forwarding. As currently written, this spec
is only useful to people communicating locally with an agent.

I suppose that the current agent-forwarding messages aren't quite
suitable for standardising as they are, because they have @openssh.com
identifiers in the forwarding request and the channel type. But we could
define new synonyms without them, in the usual way when implementation-
specific features get promoted to standards.

(Although we probably shouldn't use the obvious names "auth-agent-req"
and "auth-agent", because those were the names used in the 2002
draft-ietf-secsh-agent which specified a totally different protocol. We
should probably also clarify that that protocol and this one are
unrelated.)

Cheers,
Simon

--
for k in [pow(x,37,0x1a1298d262b49c895d47f) for x in [0x50deb914257022de7fff,
0x213558f2215127d5a2d1, 0x90c99e86d08b91218630, 0x109f3d0cfbf640c0beee7,
0xc83e01379a5fbec5fdd1, 0x19d3d70a8d567e388600e, 0x534e2f6e8a4a33155123]]:
 print("".join([chr(32+3*((k>>x)&1))for x in range(79)])) # <anakin%pobox.com@localhost>

