I work on a couple different computers, and we have other people in the office who sometimes work on the same project. Passwords can be complex, and it's inconvenient and insecure to send passwords to other people in the office by email. Worse yet, I use a Mac and others use Windows so the FTP software is not the same. And some other clients (like FileZilla) are not as secure with keeping passwords.
I have an idea about a Password / Bookmark keeper protocol that could be implemented into Yummy FTP, as well as other FTP clients. At the very least those using Yummy FTP on multiple Macs would be able to use it. I know you can use Dropbox with Yummy's bookmarks, but different FTP applications use different methods of storing information. The idea is to standardize a protocol for storing the information securely and remotely so the information can be shared between multiple computers / people. I also want to stress that I don't want to just do this for FTP clients, but develop the protocol in a way so other applications can use it as well.
The protocol would have to:
- Be an open standard
- Be encrypted using SSL
- Encrypt individual sensitive keys like passwords
- Be designed to be secure on both server side (service) and client side (RSA-SHA256 for pub/priv, RC4 for two-way stream, 3DES/other for two-way block).
Perhaps the protocol should be wrapped with the HTTPS protocol, or at least have an extension that is, so a service can easily be created using a web server with a language like PHP.
I'm not sure how the data should be constructed yet, but it should be made up of keys: Default keys, and application specific keys.
For a request they could be: cmd (required), id, key (encryption / decryption key for sensitive info), enctype (encryption type).
For the response it could be: id (required), type, host, password, title, description, notes, app-name (application specific keys/group like app-yummyftp).
How I envision the protocol working: The application has a setting to add one more of these "services". You would put in a host, username, password, and possibly an encryption key (perhaps have the application encrypt the information and send it to the service. Application would decrypt with same key when retrieving the information). The application would get a list of available hosts (id, type, title) and when it wishes to connect it would request each record individually by id.
I would be willing to work on this and even develop the service. Would you guys be interested in working on it and implementing it? The service (which I would write in PHP) will be open source and my goal is to get others to implement it as well. The protocol itself would have to be first well thought out and tested.
Thoughts?
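An added sketch, not part of the original post and not code from Yummy FTP, of the flow described above in the variant where the application encrypts the password itself and the service only stores the result. The record keys come from the post; the `put`/`list`/`get` command names, the function names, the PBKDF2 parameters and the use of AES-256-GCM (an authenticated cipher, substituted here for the RC4/3DES the post lists) are assumptions of this example.

```php
<?php
// Added illustration. Record keys (id, type, title, host, password, enctype) follow
// the post; command names, function names and crypto parameters are assumptions.
const ENCTYPE = 'aes-256-gcm';
// Client: derive a 256-bit field key from the user's encryption key.
function deriveKey(string $pass, string $salt): string {
    return hash_pbkdf2('sha256', $pass, $salt, 600000, 32, true);
}

// Client: seal one sensitive value. The record id is bound as associated data,
// so a blob moved to another record fails authentication.
function sealField(string $plain, string $pass, string $id): array {
    $salt = random_bytes(16);
    $iv = random_bytes(12);
    $ct = openssl_encrypt($plain, ENCTYPE, deriveKey($pass, $salt),
                          OPENSSL_RAW_DATA, $iv, $tag, $id);
    return ['enctype' => ENCTYPE] + array_map('base64_encode',
        ['salt' => $salt, 'iv' => $iv, 'tag' => $tag, 'ct' => $ct]);
}

// Client: returns null on a wrong key, a modified blob, or an unexpected enctype.
function openField(array $f, string $pass, string $id): ?string {
    if (($f['enctype'] ?? '') !== ENCTYPE) return null;
    [$salt, $iv, $tag, $ct] = array_map('base64_decode',
        [$f['salt'], $f['iv'], $f['tag'], $f['ct']]);
    $pt = openssl_decrypt($ct, ENCTYPE, deriveKey($pass, $salt),
                          OPENSSL_RAW_DATA, $iv, $tag, $id);
    return $pt === false ? null : $pt;
}

// Service: stores and returns records; it never receives the encryption key.
function handle(array &$store, array $req): array {
    $summary = fn(array $r) => array_intersect_key($r, ['id' => 1, 'type' => 1, 'title' => 1]);
    switch ($req['cmd'] ?? '') {
        case 'put':  $store[$req['id']] = $req['record']; return ['id' => $req['id']];
        case 'list': return array_map($summary, array_values($store));
        case 'get':  return $store[$req['id']] ?? ['error' => 'not found'];
        default:     return ['error' => 'unknown cmd'];
    }
}
// Constructed sample data.
$store = [];
$rec = ['id' => '42', 'type' => 'sftp', 'title' => 'Staging', 'host' => 'sftp.example.test'];
$rec['password'] = sealField('s3cr3t-ftp-pw', 'office passphrase', $rec['id']);
handle($store, ['cmd' => 'put', 'id' => '42', 'record' => $rec]);
echo json_encode(handle($store, ['cmd' => 'list'])), "\n";
$got = handle($store, ['cmd' => 'get', 'id' => '42']);
var_dump(openField($got['password'], 'office passphrase', $got['id']));
var_dump(openField($got['password'], 'wrong passphrase', $got['id']));
```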