Re: Current network-password-saving feature needs improvement.

On Fri, Jul 19, 2002 at 10:11:52AM -0400, David Wheeler wrote

> Network transparency _IS_ a real issue, though.
> Especially if you want to arrange things so that different
> applications can only access "their" keys (so that a trojan

ssh-agent can already do key forwarding in a secure manner, it would
make sense to piggyback off that.

> won't get _all_ the passwords; think of a web site with nasty
> pages that causes the browser to run malicious code).

There's always the option of having the super-agent ask the user to
confirm that it's ok for that application to get access to the
information. Or even have the super-agent do the key-exchange and pass
only the resulting session data back to the agent (so if there's a
compromise by a malicious app, it doesn't compromise the phrase, only
that session).

> Perhaps there should be multiple ways of making the request -
> a "local file" solution for non-GNOME applications, and a
> CORBA (Orbit) interface that would support network transparency.

ISTM that the only time that you'd want network transparency is
between hosts that you have some ability to execute programs on, and
that the ssh-agent protocol is already well known and used. Extending
that, rather than creating another circular object with adjustable
axel grips, seems sensible.

It would then be more a case of making, say, gpg access ssh-agent for
it's private key. As another example, galeon/mozilla could be modified
to offer some form of identity based on existing keys.

This is fairly similar to the Auth subproject of dot.gnu:

- Aidan

aidan velvet net  aim:aidans42
finger for pgp key fingerprint |- - - - - - - - - - - - - - -
01AA 1594 2DB0 09E3 B850       | World Domination, one crack  
C2D0 9A2C 4CC9 3EC4 75E1       | smoking hacker at at time 

Attachment: pgpAVH4gfOUab.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]