openssh unix dev - Mar 2018 - Outstanding PKCS#11 issues

Sorry for not replying correctly, I subscribed after this thread was started
> > Bug 2430 - ssh-keygen should allow to login before reading public
> > key
> > from smart card
> > Bug 2652 - PKCS11 login skipped if login required and no pin set
> > Bug 2638 - Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the
> > private objects
> > Bug 2474 - Enabling ECDSA in PKCS#11 support for ssh-agent
> > Bug 2817 - Add support for PKCS#11 URIs (RFC 7512)
> > Bug 2472 - Add support to load additional certificates
> > Bug 2075 - [PATCH] Enable key pair generation on a PCKS#11 device
From a user perspective, #2474 and #2472 are the absolute showstoppers - there?s
no solution or workaround that can be implemented without them? or at least
those kept popping for me over the years.

Jan

ECDSA support is of particular interest to me as well. I may be able to
offer some assistance with testing.

On Fri, Mar 2, 2018 at 3:42 AM Jan Schermer <jan at schermer.cz> wrote:
> Sorry for not replying correctly, I subscribed after this thread was
> started
>
> > > Bug 2430 - ssh-keygen should allow to login before reading public
> > > key
> > > from smart card
> > > Bug 2652 - PKCS11 login skipped if login required and no pin set
> > > Bug 2638 - Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the
> > > private objects
> > > Bug 2474 - Enabling ECDSA in PKCS#11 support for ssh-agent
> > > Bug 2817 - Add support for PKCS#11 URIs (RFC 7512)
> > > Bug 2472 - Add support to load additional certificates
> > > Bug 2075 - [PATCH] Enable key pair generation on a PCKS#11 device
> From a user perspective, #2474 and #2472 are the absolute showstoppers -
> there?s no solution or workaround that can be implemented without them? or
> at least those kept popping for me over the years.
>
> Jan
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>