IETF-SSH archive
Re: agent draft updated
On Wed, 16 Aug 2023, Simon Tatham wrote:
>
> Damien Miller <djm%mindrot.org@localhost> wrote:
> > Sorry for missing that. I've uploaded a new draft with Ed25519 generalised
> > to EDDSA:
>
> Looks good, thanks.
>
> Another thing I don't see in this document is how it ties in to the SSH
> protocol itself, via agent forwarding. As currently written, this spec
> is only useful to people communicating locally with an agent.
>
> I suppose that the current agent-forwarding messages aren't quite
> suitable for standardising as they are, because they have @openssh.com
> identifiers in the forwarding request and the channel type. But we could
> define new synonyms without them, in the usual way when implementation-
> specific features get promoted to standards.
>
> (Although we probably shouldn't use the obvious names "auth-agent-req"
> and "auth-agent", because those were the names used in the 2002
> draft-ietf-secsh-agent which specified a totally different protocol. We
> should probably also clarify that that protocol and this one are
> unrelated.)
Good idea, I added a section on forwarding that captures the currently-
used @openssh.com names and includes an ext-info mechanism to advertise
new names.
https://www.ietf.org/archive/id/draft-miller-ssh-agent-09.html#name-forwarding-access-to-an-age
-d