https://bugzilla.mindrot.org/show_bug.cgi?id=3212

Damien Miller <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Damien Miller <[email protected]> ---
If we were to allow this then I think we'd need proof-of-possession of
the private key before allowing the user to attach a new certificate to
it.

Doing this is tricky, because it means a multi-step protocol between
the client and the agent, and no other agent request is similarly
multi-step. (It needs to be multi-step because the agent would need to
send the client a cookie/challenge to ensure the proof is fresh and not
a replay).

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
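
The two-step exchange Comment #1 describes, as an added Go example that is not OpenSSH code and not part of the original message. The `Agent` type, the `Challenge`/`AttachCert` names, the domain label, the use of Ed25519, and signing the certificate together with the cookie are all assumptions made for illustration; none of them exist in the ssh-agent protocol.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Agent is a hypothetical model: one outstanding challenge per loaded public key.
type Agent struct{ pending map[string][]byte }
// proofInput is what the client signs: fixed label, 32-byte agent cookie, then the cert.
func proofInput(challenge, cert []byte) []byte {
	return append(append([]byte("attach-cert-pop-v0"), challenge...), cert...)
}
// Challenge is step 1: the agent issues a fresh random cookie for this key.
func (a *Agent) Challenge(pub ed25519.PublicKey) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	a.pending[string(pub)] = c
	return c
}
// AttachCert is step 2: consume the cookie (single use), then verify the signature.
func (a *Agent) AttachCert(pub ed25519.PublicKey, cert, sig []byte) error {
	c, ok := a.pending[string(pub)]
	if !ok {
		return errors.New("no outstanding challenge for this key")
	}
	delete(a.pending, string(pub))
	if !ed25519.Verify(pub, proofInput(c, cert), sig) {
		return errors.New("proof-of-possession failed")
	}
	return nil
}
// Demo runs a fresh proof, a replay with no cookie, and a replay against a new cookie.
func Demo() (fresh, replay, stale error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	a := &Agent{pending: map[string][]byte{}}
	cert := []byte("constructed-certificate-blob") // constructed sample, not a real cert
	sig := ed25519.Sign(priv, proofInput(a.Challenge(pub), cert))
	fresh = a.AttachCert(pub, cert, sig)
	replay = a.AttachCert(pub, cert, sig) // same proof again: cookie already consumed
	a.Challenge(pub)
	stale = a.AttachCert(pub, cert, sig) // old proof against a new cookie
	return
}
func main() { fmt.Println(Demo()) }
```

The per-key `pending` map is the state the agent has to carry between the two requests, which is what makes this request multi-step.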
