- buy a SSL certificate or self-sign so key transfer is not in the clear
- broaden the descriptions of what to do with keys for different platforms
- get a reasonably faster server for quicker keygen times
- handle edge cases for auto-keydeposit expect scripts
- implement key installation via web interface
- document process of re-keying with preservation of original keypair
- ajax to collapse two-page interface into a one-page interface
- passphrase generation could perhaps be client side ?
- judicious use of passphrases (consider tradeoffs for availability and confidentiality)
- properly initiate the source of entropy
- transfer of private keys should maintain an appropriate level of assurance
- separately escrow the passphrase and private key file
- storage of private keys and passphrases maintains appropriate level of assurance
- escrow according to pre-established corporate policy
Friday the 9th of May, 2008
about sshkeygen
As far as I know, this is the first ever use of the web for ssh key generation and escrow. Hopefully this site will encourage best practice uses of secure shell keys. I am eager to hear your ideas on how this site could be improved. email me at: caughron-at-gmail-.-com. Here are some of mine...
|