
Neat, if you disregard the (justified? unjustified?) widespread suspicion of TPMs.

However, this only prevents an attacker from copying the key to another machine. If the attacker has access to that key, then they have access to your machine. Not much stops them from installing malware and using your machine as a proxy for the session they want to establish to the endpoint (with the additional benefit of appearing to connect to that endpoint from your machine in any connection logs).

It should be noted that ssh, gpg-agent, and OpenPGP smart cards already provide the capability to store an SSH key on a removable smart card. Storing your key on a smart card provides the additional barriers that such a proxying setup would only work 1) while you have the card inserted, and 2) if you authorize that access by entering the PIN (optionally through an un-observable channel if you have a Class II or III reader). Of course such hypothetical malware would still be able to inject commands into a session once you log on to the endpoint, but it would be much harder to avoid your detection.

Of course, most modern machines come with a TPM (right? correct me if I'm wrong), while very few people have an OpenPGP smart card.



Suspicion of TPMs has, so far, been just wrong. Most machines don't have TPMs; they're usually a feature on "business" laptops. Lenovo's ThinkPads have them, IdeaPads don't.

But now Windows 8.1 apparently makes OEMs ship a TPM to provide transparent device encryption for tablets - so it should become more commonplace. (It might only be for ARM devices though.) I'd assume those TPMs provide the full APIs and capabilities others do.


Intel has a habit of trickling down features of "business chips" to the consumer chips. If I'm not mistaken, they may even be the same chips; Intel just disables those features for lower-end chips. So it's just a matter of time.

I think it's right to be very suspicious of these chips, especially since Intel has been awfully quiet despite all the accusations, and we do know that NSA has been trying to get "encryption hardware vendors" to subvert the encryption for them.


It also has virtual smartcard support using TPM which is such a good idea...


> Neat, if you disregard the (justified? unjustified?) widespread suspicion of TPMs.

Most of the TPM fears are about its secure booting features, about locking in a machine to a certain OS or DRM code. This isn't using those features.

> If the attacker has access to that key, then they have access to your machine.

Not necessarily true. First of all, they won't have access to your machine all the time. When you turn it off they won't have access to the key. Same when you improve your firewall rules (maybe).

I get a warm feeling from knowing that when someone logged in using a specific key, then a certain piece of hardware was involved in the handshake. Not "someone logged in", but "someone logged in using this exact laptop".

> It should be noted that ssh, gpg-agent, and OpenPGP smart cards already provide the capability to store an SSH key on a removable smart card.

Previously blogged about here: http://blog.habets.se/2013/02/GPG-and-SSH-with-Yubikey-NEO

> Of course, most modern machines come with a TPM (right? correct me if I'm wrong)

Not Macs.

> very few people have an OpenPGP smart card.

Yubikey NEO can be an option, since it uses USB.
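The ssh + gpg-agent + OpenPGP card setup referred to in the first post and in this reply, as an added example that is not from any commenter or from the linked blog. It assumes GnuPG 2.1+ (gpgconf, gpg-agent) and OpenSSH; the cache TTL values are assumptions chosen so that a new session normally needs a fresh PIN, which is what limits a malware "ride-along" to the window you explicitly authorize.

```shell
#!/bin/sh
# Added example: make gpg-agent act as the ssh-agent so the SSH private key
# never leaves an OpenPGP card (e.g. a YubiKey NEO) and every use needs a PIN.
# Assumes GnuPG 2.1+ (gpgconf, gpg-agent) and OpenSSH are installed.

# Write the settings gpg-agent needs, without duplicating them on re-runs.
#   enable-ssh-support    : gpg-agent speaks the ssh-agent protocol
#   default-cache-ttl-ssh : seconds a cached PIN is reused (assumed value;
#                           short = a new session needs a fresh PIN)
#   max-cache-ttl-ssh     : hard upper bound on PIN caching (assumed value)
configure_gpg_agent() {
  dir="$1"; conf="$dir/gpg-agent.conf"
  mkdir -p "$dir" && chmod 700 "$dir"
  touch "$conf" && chmod 600 "$conf"
  for line in 'enable-ssh-support' 'default-cache-ttl-ssh 60' 'max-cache-ttl-ssh 600'; do
    key="${line%% *}"                       # option name without its value
    grep -q "^$key" "$conf" || echo "$line" >> "$conf"
  done
}

# Point OpenSSH at gpg-agent's SSH socket; gpgconf reports the path.
export_ssh_auth_sock() {
  SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
  export SSH_AUTH_SOCK
  gpgconf --launch gpg-agent
}

# ssh-add -L lists public keys only: the private half stays on the card and
# gpg-agent prompts for the PIN when ssh asks for a signature. Returns 1 if
# no card is inserted, which is exactly when authentication is impossible.
show_card_ssh_key() {
  gpg --card-status >/dev/null 2>&1 || { echo "no OpenPGP card present" >&2; return 1; }
  ssh-add -L
}

# Run the whole setup only when asked, so the functions can be sourced alone.
if [ "${1:-}" = "--setup" ]; then
  configure_gpg_agent "${GNUPGHOME:-$HOME/.gnupg}"
  export_ssh_auth_sock
  show_card_ssh_key
fi
```

Put the `export SSH_AUTH_SOCK` line in your shell profile so every new shell talks to gpg-agent instead of a stock ssh-agent.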
