On Fri, Jul 19, 2002 at 10:11:52AM -0400, David Wheeler wrote:
> Network transparency _IS_ a real issue, though.
> Especially if you want to arrange things so that different
> applications can only access "their" keys (so that a trojan

ssh-agent can already do key forwarding in a secure manner; it would
make sense to piggyback off that.

> won't get _all_ the passwords; think of a web site with nasty
> pages that causes the browser to run malicious code).

There's always the option of having the super-agent ask the user to
confirm that it's ok for that application to get access to the
information. Or even have the super-agent do the key-exchange and pass
only the resulting session data back to the agent (so if there's a
compromise by a malicious app, it doesn't compromise the phrase, only
that session).

> Perhaps there should be multiple ways of making the request -
> a "local file" solution for non-GNOME applications, and a
> CORBA (Orbit) interface that would support network transparency.

ISTM that the only time that you'd want network transparency is between
hosts that you have some ability to execute programs on, and that the
ssh-agent protocol is already well known and used. Extending that,
rather than creating another circular object with adjustable axle
grips, seems sensible.

It would then be more a case of making, say, gpg access ssh-agent for
its private key.

As another example, galeon/mozilla could be modified to offer some form
of identity based on existing keys. This is fairly similar to the Auth
subproject of dot.gnu: http://www.gnu.org/projects/dotgnu/auth.html

- Aidan
-- 
aidan velvet net    http://www.velvet.net/~aidan/    aim:aidans42
finger for pgp key fingerprint |- - - - - - - - - - - - - - -
01AA 1594 2DB0 09E3 B850       | World Domination, one crack
C2D0 9A2C 4CC9 3EC4 75E1       | smoking hacker at a time
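As an added illustration of the idea in the message above (not part of the original thread, and not ssh-agent's actual protocol): a toy agent that keeps each long-term secret to itself, restricts each key to named applications, asks for confirmation, and hands back only a per-session key. The class and method names, the `app_id` argument and the HMAC derivation standing in for a real key exchange are all assumptions.

```python
import hashlib
import hmac
import os


class SuperAgent:
    """Holds long-term secrets; applications only ever receive per-session keys."""

    def __init__(self, confirm):
        self._secrets = {}       # key name -> long-term secret (never returned)
        self._acl = {}           # key name -> application ids allowed to use it
        self._confirm = confirm  # confirm(app_id, key_name) -> bool, stands in for a user prompt

    def add_key(self, name, passphrase, allowed_apps):
        salt = hashlib.sha256(name.encode()).digest()
        self._secrets[name] = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000)
        self._acl[name] = set(allowed_apps)

    def session_key(self, app_id, key_name, peer_nonce):
        # Assumption: the transport has already authenticated app_id.
        if app_id not in self._acl.get(key_name, ()):
            raise PermissionError(f"{app_id} may not use {key_name}")
        if not self._confirm(app_id, key_name):
            raise PermissionError(f"user declined {app_id} -> {key_name}")
        agent_nonce = os.urandom(16)
        # HMAC derivation stands in for the real key exchange (assumption).
        msg = b"session" + agent_nonce + peer_nonce
        return agent_nonce, hmac.new(self._secrets[key_name], msg, hashlib.sha256).digest()


def demo():
    asked, denied = [], []

    def confirm(app_id, key_name):
        asked.append((app_id, key_name))
        return app_id != "browser-plugin"  # constructed policy: user declines the plugin

    agent = SuperAgent(confirm)
    agent.add_key("mail-gpg", b"constructed passphrase", {"mailer", "browser-plugin"})
    agent.add_key("ssh-home", b"another constructed one", {"ssh"})
    _, k1 = agent.session_key("mailer", "mail-gpg", b"peer-nonce")
    _, k2 = agent.session_key("mailer", "mail-gpg", b"peer-nonce")
    for app_id, key_name in (("mailer", "ssh-home"), ("browser-plugin", "mail-gpg")):
        try:
            agent.session_key(app_id, key_name, b"peer-nonce")
        except PermissionError:
            denied.append((app_id, key_name))
    return {"k1": k1, "k2": k2, "asked": asked, "denied": denied}
```

A leaked `k1` exposes one session only: it cannot be reversed to the stored secret, and the next request yields a different key because the agent contributes a fresh nonce.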