[PATCH] U2F support in OpenSSH

Michael Stapelberg stapelberg+openssh at google.com
Fri Feb 27 03:55:58 AEDT 2015

On Thu, Feb 26, 2015 at 8:44 AM, Damien Miller <djm at mindrot.org> wrote:

> On Thu, 26 Feb 2015, Michael Stapelberg wrote:
> > At this point it should be obvious, but let me state that I don’t have
> > motivation/time to spend on this right now, given that upstream shows
> > 0 interest in this at all :(.
> That's not how I recall it. When you approached me last year, I told
> you then that I wouldn't have time to properly look at it for months -

This didn’t come across well, but it could be that I just misunderstood
what you were saying.

> I have limited time to work on OpenSSH so I have to choose my priorities
> carefully. A new authentication mode for a nascent hardware standard
> unfortunately had to take a back seat to a big refactoring that has been
> almost-finished for two years.

That’s definitely fair.

> When you posted your patches to bugzilla, it took a while for you to
> come up with a protocol spec to review which really should have been
> the starting point before diving in to write code.

Different people have different approaches :).

> Now it's great that the protocol spec is there to look at, but it still
> requires more familiarity with the rest of U2F than I have at present.
> The code as it stands also AFAIK requires an incompatibly-licensed
> helper library. Neither of these problems are insurmountable, but they do
> make it harder to start.

Agreed. I want to point out that you still haven’t clarified the (to me)
crucial question, so let me ask you directly:

Do you think, right now, based only on the information you have so far,
that you’ll eventually merge a patch adding U2F to OpenSSH? It’s okay to
reverse your decision later and I’m not taking this as a promise, but what
I do want to know is the upstream sentiment, i.e. if you’re rather averse
to having U2F support in OpenSSH at all.

