https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Damien Miller <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2934|0                           |1
        is obsolete|                            |

--- Comment #16 from Damien Miller <[email protected]> ---
Created attachment 3227
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3227&action=edit
add SSH2_AGENTC_ADD_CERTIFICATES to add certificates for matching with private keys

This is an implementation of a SSH2_AGENTC_ADD_CERTIFICATES message in ssh-agent to load one or more certificates that will be matched to private keys if/when they are loaded.

I'm not convinced that being able to add certificates to one's agent yields any security problem. The authenticator is possession of the private key, and access to an agent socket is already approximately equivalent to that - an attacker could get equivalent results without ever touching the agent by grafting a certificate to an agent key themselves.

BTW, it is already possible to specify certificates in ssh that will be used with keys from the agent of PKCS#11 tokens. Maybe this isn't needed at all?
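The matching step described in the comment above, as an added example that is not taken from the attachment or from OpenSSH: certificate blobs are paired with held keys by comparing the public key embedded in each certificate. It assumes the Ed25519 certificate layout documented in OpenSSH's PROTOCOL.certkeys; the function names, the sample keys and the unsigned sample certificates are constructed for illustration, and no CA signature is verified.

```python
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Decode one SSH string at off; reject lengths that overrun the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def cert_public_key(cert_blob: bytes) -> bytes:
    """Return the Ed25519 public key embedded in a certificate blob."""
    ktype, off = read_string(cert_blob, 0)
    if ktype != CERT_TYPE:
        raise ValueError("not an Ed25519 certificate")
    _nonce, off = read_string(cert_blob, off)
    pk, off = read_string(cert_blob, off)
    if len(pk) != 32:
        raise ValueError("bad Ed25519 key length")
    return pk

def match_certs(held_keys: dict, cert_blobs: list) -> dict:
    """Map each held key name to the certificates whose embedded key equals it."""
    matched = {name: [] for name in held_keys}
    for blob in cert_blobs:
        try:
            pk = cert_public_key(blob)
        except ValueError:
            continue  # malformed or unsupported blobs are never attached to a key
        for name, key in held_keys.items():
            if key == pk:
                matched[name].append(blob)
    return matched

def make_cert(pk: bytes, key_id: bytes) -> bytes:
    """Constructed sample: certificate field layout, empty CA key and signature."""
    body = ssh_string(CERT_TYPE) + ssh_string(b"\x00" * 32) + ssh_string(pk)
    body += struct.pack(">QI", 1, 1) + ssh_string(key_id) + ssh_string(b"")
    body += struct.pack(">QQ", 0, 2**64 - 1)  # valid after / valid before
    return body + ssh_string(b"") * 5  # options, extensions, reserved, CA key, sig

ALICE, BOB = b"\x11" * 32, b"\x22" * 32  # constructed stand-ins for public keys
CERTS = [make_cert(ALICE, b"alice-cert"), make_cert(b"\x33" * 32, b"orphan"), b"\x00\x00"]
print({k: len(v) for k, v in match_certs({"alice": ALICE, "bob": BOB}, CERTS).items()})
```

A certificate whose embedded key matches nothing held, like the `orphan` sample, stays unattached, which is the "if/when they are loaded" case in the comment.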
