Daniel Kahn Gillmor
2011-Mar-07 19:08 UTC
Indicating context when asking the ssh-agent to use a key
This e-mail is about thinking through some possible extensions to the ssh-agent communications protocol. When the ssh-agent receives a request to use one of the keys it holds, it gets no context information from the requesting system about what the key operation is to be used for. My own typical workflow (as a user who actively monitors and confirms the use of my keys by the ssh-agent) is to just correlate things by time. e.g. "i just did action X, so i expect key Y to be used right around now, so i'll say OK". If there was a way to communicate the context of the use to the agent, so that the agent could relay that to the user in whatever notification or confirmation it provides, it would seem like a Good Thing. If there was a way to do that with some measures of cryptographic reliability (e.g. so that a malicious client couldn't say "please make this signature for X" when it was actually intending to be used for Y), it would be even better. I'm not sure i understand how that could happen, though i'd be happy to consider proposals/suggestions. I suspect this would require at least an extension to the ssh-agent protocol, but i'm not sure where or how that would be done. Any thoughts on this? i just opened a bug report about this here, if anyone wants to contribute proposed patches/protocol suggestions: https://bugzilla.mindrot.org/show_bug.cgi?id=agent-context I'm happy to have a bigger-picture discussion here on the list, though. Is this a bad idea? a nice idea but unimplementable for some reason? is this already possible somehow? Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1030 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110307/4e026f85/attachment.bin>
Apparently Analagous Threads
- Processed: updating submitter e-mail address
- [Bug 1876] New: Requests to use keys held by the ssh-agent have no way of indicating their context
- [Bug 1506] New: rationalize agent behavior on smartcard removal/reattachment
- [Bug 1545] ssh-keygen -R removes all comments from known_hosts file
- Legacy option for key length?