Subject: Re: setuid ssh
To: Andrew Brown <atatat@atatdot.net>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-security
Date: 10/18/2000 09:51:40
Cc: Atsushi Onoe <onoe@sm.sony.co.jp>, cjs@cynic.net,
	hubert.feyrer@informatik.fh-regensburg.de, tech-security@netbsd.org
In-Reply-To: Message from Andrew Brown <atatat@atatdot.net> 
   of "Wed, 18 Oct 2000 09:47:11 EDT." <20001018094711.A29595@noc.untraceable.net> 
Reply-To: sommerfeld@orchard.arlington.ma.us
Message-Id: <20001018135146.300E22A2A@orchard.arlington.ma.us>

> ssh-agent should be changed anyway.  what it *should* do is store the
> decrypted key for a period of time and then expunge it (a la kerberos's
> tgt, or sudo), requiring the user to reauthenticate periodically.
> once i look more closely at it, i'll have more colorful ideas, i'm
> sure.

yes.  IMHO it should generate a new keypair and use the user's
long-term key to sign a short-term "certificate" saying that the
temporary keypair is equivalent to the long-term key for some (short)
lifetime.

					- Bill
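
The delegation scheme proposed in this message, sketched as an added example (not code from the post, ssh-agent or OpenSSH): the long-term key signs a short-lived certificate over a freshly generated temporary public key, and a verifier that trusts only the long-term public key accepts the temporary key until the certificate expires. Ed25519, the certificate layout and the names `Cert`, `Issue` and `Verify` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Cert (hypothetical format): the long-term key signs temp public key + expiry.
type Cert struct {
	TempPub ed25519.PublicKey
	Expiry  int64 // Unix seconds
	Sig     []byte
}

func certBody(pub ed25519.PublicKey, expiry int64) []byte {
	return []byte(fmt.Sprintf("deleg-v1:%x:%d", pub, expiry))
}

// Issue runs while the long-term key is unlocked; only the temporary key is kept after.
func Issue(longTerm ed25519.PrivateKey, now time.Time, life time.Duration) (Cert, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	exp := now.Add(life).Unix()
	return Cert{TempPub: pub, Expiry: exp, Sig: ed25519.Sign(longTerm, certBody(pub, exp))}, priv
}

// Verify trusts only the long-term public key; the certificate vouches for the rest.
func Verify(longPub ed25519.PublicKey, c Cert, msg, sig []byte, now time.Time) error {
	switch {
	case len(c.TempPub) != ed25519.PublicKeySize: // ed25519.Verify panics on bad length
		return errors.New("malformed temporary key")
	case !ed25519.Verify(longPub, certBody(c.TempPub, c.Expiry), c.Sig):
		return errors.New("certificate not signed by long-term key")
	case now.Unix() >= c.Expiry:
		return errors.New("certificate expired")
	case !ed25519.Verify(c.TempPub, msg, sig):
		return errors.New("bad signature from temporary key")
	}
	return nil
}

func main() {
	longPub, longPriv, _ := ed25519.GenerateKey(nil)
	cert, tmp := Issue(longPriv, time.Now(), 10*time.Minute)
	fmt.Println(Verify(longPub, cert, []byte("hi"), ed25519.Sign(tmp, []byte("hi")), time.Now()))
}
```

Because the expiry is inside the signed body, a stolen temporary key cannot have its lifetime extended without the long-term key.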