Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle)

On Wed, Dec 9, 2015 at 5:23 PM, David Morris <dwm@xxxxxxxxx> wrote:


On Wed, 9 Dec 2015, Phillip Hallam-Baker wrote:

>
> I really could not care less what the format that they had chosen is. But having to juggle three
> when one would have been enough only makes the whole process less reliable and less user friendly.

It has always seemed to me that these variant formats I've encountered are
a 'feature' of product implementation rather than the space the IETF normally
standardizes. I'm not suggesting that one format isn't desirable, just
wondering where the agreement should be reached.


Which is why I would prefer the discussion to happen among SSH users and not the developers talking to themselves or following their own whims. If there is a standard, most people will follow it.

At least two of the three private key formats are variants of IETF specifications. They all use the IETF public key format.

Given that we do everything in JSON these days and we will be defining JSON formats for use with JOSE, I expect we define a private key format.


Of course, the private key format should be encrypted and bound to a particular host so it can't be mistakenly emailed. Windows has done that for 20 years now. It doesn't stop a hacker extracting the key if a hard drive is lost or a backup disclosed. But it is not nothing. OSX has the keychain mechanism which is 15 years old or so.

I would very much like to see a similar feature added into Linux and I would like to see every app use that type of capability. Managing crypto keys should be an O/S level concern. That makes it much easier to make use of hardware based crypto devices with a range of applications. But a necessary first step to make that all happen is consistent data formats.


