openssh unix dev - Sep 2011 - pkcs and host keys

Hi Damien,

I see in your asia bsdcon presentation you mentioned the possibility
of storing host keys in PKCS #11.  I'm interested in using a usb rsa
fob for host keys and am interested in this feature.  What's the
current status?  As you said:  root compromise != persistent hostkey
theft.

THanks much,
Ben

On Thu, 1 Sep 2011, Benjamin Myers wrote:
> Hi Damien,
> 
> I see in your asia bsdcon presentation you mentioned the possibility
> of storing host keys in PKCS #11.  I'm interested in using a usb rsa
> fob for host keys and am interested in this feature.  What's the
> current status?  As you said:  root compromise != persistent hostkey
> theft.
No, I haven't started working on it yet for lack of smartcard hardware.
I (or someone else) will probably get around to it sooner or later, but
it will go quicker if I can get a supported USB smartcard on OpenBSD.

-d