On Tue, 2020-07-21 at 14:47 +1000, Damien Miller wrote: > On Mon, 20 Jul 2020, Jordan J wrote: [...] > > Firstly, would the following or some combination thereof be > > possible or is there an obvious impediment. Secondly, if it proved > > possible are the maintainers open to a patch providing it? > > > > 1. Update the SSH ecdsa-sk public key type to contain the > > key_handle and other relevant details (it doesn't contain sensitive > > information or accessible key material so this is safe to do) > > 2. Add a method to send a list of understood *-sk" publickeys from > > authorized_keys to the client > > I'm not keen on making the public keys contain the key handle. IMO > being able to offer some protection of the key handle on disk by > setting a password on the key is valuable and we'd lose that if > everything were public by default. Your worry is that webauthn isn't true two factor because it's only based on a thing you possess rather than both a thing you know and a thing you possess? I agree, I've always thought the ability to steal someone's token was a big flaw in the scheme. However, it is trivially fixable: if you encrypt the fido key handle with a passphrase before sending it to the remote then even if I steal your token, I still can't use it to access your account because when the remote presents the encrypted key handle I don't know the passphrase to decrypt it. This double encryption scheme should work for openssh public keys containing the key handle as well. The only drawback is that to change the passphrase you now have to change every public key in every account you possess. James _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev