monotone-devel

Re: [Monotone-devel] Re: passphrase option


From: Jon Bright
Subject: Re: [Monotone-devel] Re: passphrase option
Date: Thu, 12 Aug 2004 16:49:56 +0200
User-agent: Mozilla Thunderbird 0.6 (Windows/20040502)

Mark White wrote:

> Doesn't sound like a big problem: after all, you can keep as
> many keys as you want in an ssh-agent, and nothing's making
> you use the same ones for Monotone as for any login auth.
>
> But AFAIK ssh keys don't have much concept of a label (email
> address in monotone); it's highly mutable, and quite
> possibly can't be retrieved from the agent anyway.  This
> might need some extra work -- perhaps we could have a new
> certificate type connecting an email address with a key, for
> example.

Having had the misfortune to implement agent stuff, the other disadvantages are that

a) the SSH drafts aren't yet published RFCs. I take part in the IETF SSH working group, and the core drafts look like they stand a good chance of becoming RFCs in the next 6 months or so, but the agent draft will doubtless take longer, depending as it does on the core RFCs.

b) As a result, there are (at least) two different, incompatible SSH2 agent protocols. One is RFC-compliant, but the most-widely-installed sshd, OpenSSH, isn't (unless they've suddenly changed it since the last time I looked).

c) There are agents for Windows, *ix and (I presume) MacOS, but there's no single defined method of accessing the agent, even assuming you speak the version of the agent protocol it's chosen to implement.

All in all, I'd say ssh-agent is probably a murky enough bog that Monotone would be best served by steering clear of it.

--
Jon Bright
Silicon Circus Ltd.
http://www.siliconcircus.com
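Added example, not part of the thread: a minimal encoder and parser for the OpenSSH agent's SSH_AGENT_IDENTITIES_ANSWER message (the reply to SSH_AGENTC_REQUEST_IDENTITIES), built from constructed sample bytes rather than a live agent socket. It shows concretely what the message above is pointing at: the only name-like field the agent returns per key is a free-form comment chosen by the key owner, so there is no authenticated binding between a key and an email address for Monotone to rely on.

```python
import struct

# OpenSSH agent protocol message numbers (draft-miller-ssh-agent)
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset off; reject truncated input."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n

def build_identities_answer(keys):
    """keys: iterable of (keytype, pubkey_bytes, comment). Returns the framed message."""
    body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys))
    for keytype, pubkey, comment in keys:
        blob = ssh_string(keytype) + ssh_string(pubkey)   # wire-format public key
        body += ssh_string(blob) + ssh_string(comment)    # key blob, then comment
    return struct.pack(">I", len(body)) + body            # outer uint32 length frame

def parse_identities_answer(msg: bytes):
    """Return [(keytype, comment), ...]; note there is no other label field."""
    (n,) = struct.unpack_from(">I", msg, 0)
    body = msg[4:4 + n]
    if len(body) != n or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an SSH_AGENT_IDENTITIES_ANSWER")
    (count,) = struct.unpack_from(">I", body, 1)
    off, out = 5, []
    for _ in range(count):
        blob, off = read_string(body, off)
        comment, off = read_string(body, off)
        keytype, _ = read_string(blob, 0)   # first string inside the blob is the type
        out.append((keytype.decode(), comment.decode(errors="replace")))
    return out

# Constructed sample: two ed25519 identities with dummy 32-byte public keys.
SAMPLE = build_identities_answer([
    (b"ssh-ed25519", b"\x01" * 32, b"alice@laptop"),
    (b"ssh-ed25519", b"\x02" * 32, b"work key (rotated 2004-08)"),
])
```

The comment field is whatever `ssh-add` or `ssh-keygen -C` happened to store, and it can be changed at will without touching the key itself.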
