* May I ask for your opinion?
* Do we want it to remain non-trivial to add public keys to authorized_keys? Is there a security reason for doing so?
* Is this ssh-import-id utility just a bad idea?
* Do you have security concerns about the key retrieval method?
* Is SSL and/or Launchpad unsuitable for this sort of thing?
* Would there be any reason to force the client to authenticate with the server too? (I'd think not, as this is a public key, and an open URI).
* Is it inadvisable to put such a utility in /usr/bin such that it's discoverable in the default path? Would it be better to hide it away in /usr/lib or something?
* Is openssh-server the right/wrong place for this utility? Does the answer to that question change whether we're talking about Lucid or Lucid+1?
* Does this open up new opportunities for abuse somehow?
Kees-
* May I ask for your opinion?
* Do we want it to remain non-trivial to add public keys to authorized_keys? Is there a security reason for doing so?
* Is this ssh-import-id utility just a bad idea?
* Do you have security concerns about the key retrieval method?
* Is SSL and/or Launchpad unsuitable for this sort of thing?
* Would there be any reason to force the client to authenticate with the server too? (I'd think not, as this is a public key, and an open URI).
* Is it inadvisable to put such a utility in /usr/bin such that it's discoverable in the default path? Would it be better to hide it away in /usr/lib or something?
* Is openssh-server the right/wrong place for this utility? Does the answer to that question change whether we're talking about Lucid or Lucid+1?
* Does this open up new opportunities for abuse somehow?
:-Dustin