On Wed, Dec 9, 2015 at 5:23 PM, David Morris <dwm(_at_)xpasc(_dot_)com> wrote:
On Wed, 9 Dec 2015, Phillip Hallam-Baker wrote:
I really could not care less what the format that they had chosen is.
But having to juggle three
when one would have been enough only makes the whole process less
reliable and less user friendly.
It has always seemed to me that these variant formats I've encountered are
a 'feature' of product implementation rather than the space the IETF
normally
standardizes. I'm not suggesting that one format isn't desireable, just
wondering where the agreement should be reached.
Which is why I would prefer the discussion to happen among SSH users and
not the developers talking to themselves or following their own whims. If
there is a standard, most people will follow it.
At least two of the three private key formats are variants of IETF
specifications. They all use the IETF public key format.
Given that we do everything in JSON these days and we will be defining JSON
formats for use with JOSE, I expect we define a private key format.
Of course, the private key format should be encrypted and bound to a
particular host so it can't be mistakenly emailed. Windows has done that
for 20 years now. It doesn't stop a hacker extracting the key if a hard
drive is lost or a backup disclosed. But it is not nothing. OSX has the
keychain mechanism which is 15 years old or so.
I would very much like to see a similar feature added into Linux and I
would like to see every app use that type of capability. Managing crypto
keys should be an O/S level concern. That makes it much easier to make use
of hardware based crypto devices with a range of applications. But a
necessary first step to make that all happen is consistent data formats.