IETF-SSH archive


Re: agent draft updated



Simon Tatham <anakin%pobox.com@localhost> writes:

> The auth-agent-req@ request is a CHANNEL_REQUEST and not a
> GLOBAL_REQUEST. But nothing is said about what that channel in
> particular has to do with anything.

I'm not sure how this works (and I have so far never implemented agent
forwarding myself), but I would expect that the forwarding is implicitly
cancelled when the associated channel is closed. I.e., any auth-agent@
CHANNEL_OPEN requests received after the CHANNEL_CLOSE for the
associated channel should fail. 

But to make that work properly if agent forwarding is requested on
multiple channels, it would help if the CHANNEL_OPEN request includes
the id of that associated channel (which it doesn't, according to the
draft. IIRC, X11 forwarding has the same issue).

The client could still keep track of number of active sessions with
agent forwarding enabled, and refuse auth-agent@ CHANNEL_OPEN once that
count goes down to zero.

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
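
The client-side counting approach from the last paragraph of the message above, as an added example that is not part of the original post or of the draft. The class and method names are hypothetical, and it tracks a set of channel ids rather than a bare counter so that a repeated request or a repeated close on one channel cannot skew the count.

```python
# Added illustration of the client-side counting idea; names are hypothetical.
SSH_OPEN_ADMINISTRATIVELY_PROHIBITED = 1  # reason code defined in RFC 4254


class AgentForwardingGate:
    """Tracks which session channels currently have agent forwarding enabled."""

    def __init__(self):
        self._pending = set()  # request sent with want_reply, no answer yet
        self._enabled = set()  # forwarding in effect on these channels

    def request_sent(self, channel_id, want_reply=True):
        # Without a reply there is nothing to wait for: assume it took effect.
        (self._pending if want_reply else self._enabled).add(channel_id)

    def request_reply(self, channel_id, success):
        if channel_id in self._pending:
            self._pending.remove(channel_id)
            if success:
                self._enabled.add(channel_id)

    def channel_closed(self, channel_id):
        # CHANNEL_CLOSE implicitly cancels forwarding tied to that channel.
        self._pending.discard(channel_id)
        self._enabled.discard(channel_id)

    def check_agent_open(self):
        """None means accept the agent CHANNEL_OPEN; otherwise a failure code."""
        return None if self._enabled else SSH_OPEN_ADMINISTRATIVELY_PROHIBITED


def replay_constructed_session():
    """Constructed event sequence: two sessions request forwarding, both close."""
    gate, decisions = AgentForwardingGate(), []
    gate.request_sent(0)
    gate.request_reply(0, True)
    gate.request_sent(1)
    gate.request_sent(1)                        # duplicate request, same channel
    gate.request_reply(1, True)
    decisions.append(gate.check_agent_open())   # both enabled -> accept
    gate.channel_closed(0)
    decisions.append(gate.check_agent_open())   # channel 1 still open -> accept
    gate.channel_closed(1)
    decisions.append(gate.check_agent_open())   # none left -> refuse
    return decisions
```

Because the CHANNEL_OPEN carries no id for the associated session channel, this gate can only answer "is any forwarding session still alive", not which session an agent channel belongs to.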


