path: root/doc/design/assistant/sshpassword.mdwn
Diffstat (limited to 'doc/design/assistant/sshpassword.mdwn')
-rw-r--r-- doc/design/assistant/sshpassword.mdwn 12
1 files changed, 9 insertions, 3 deletions
diff --git a/doc/design/assistant/sshpassword.mdwn b/doc/design/assistant/sshpassword.mdwn
index 0113144c5..8b0ac3fe3 100644
--- a/doc/design/assistant/sshpassword.mdwn
+++ b/doc/design/assistant/sshpassword.mdwn
@@ -14,10 +14,12 @@ can be pretty sure noone is sniffing the (localhost) connection.
## ssh-askpass approach
* If ssh-askpass is in PATH, or `SSH_ASKPASS` is set, do nothing.
- (Unless webapp is run remotely.)
+ (Unless webapp is run remotely.)
+ XXX not currently done; the UI would need to omit the password entry
+ fields in this case.
* Otherwise, have the assistant set `SSH_ASKPASS` to a command that will
cause the webapp to read the password and forward it on. Also, set
- DISPLAY to ensure that ssh runs the program.
+ DISPLAY to ensure that ssh runs the program. **done**
Looking at ssh.exe, I think this will even work on windows; it contains the
code to run ssh-askpass.
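Review bot: The "XXX not currently done" text added under the first bullet does not say which part is missing: the "do nothing" behaviour when ssh-askpass is in PATH or `SSH_ASKPASS` is set, or the "(Unless webapp is run remotely.)" exception. Since it goes on to say the UI would need to omit the password entry fields, please name the missing piece explicitly so a reader knows what the assistant does today when an askpass is already configured. Separately, the second bullet is now marked **done**, but the sentence right after it still reads "I think this will even work on windows"; it would help to state whether **done** covers Windows or only the platforms where this was tried.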
@@ -36,14 +38,18 @@ code to run ssh-askpass.
### ssh-askpass shim, and password forwarding
`SSH_ASKPASS` needs to be set to a program (probably git-annex)
-which gets the password from the webapp, and outputs it to stdout.
+which gets the password from the webapp, and outputs it to stdout. **done**
Seems to call for the webapp and program to communicate over a local
socket (locked down so only user can access) or environment.
Environment is not as secure (easily snooped by root).
Local socket probably won't work on Windows. Could just use a temp file.
+(Currently uses a temp file with locked down perms that it's careful
+to clean up after use.)
+
Note that the webapp can probe to see if ssh needs a password, and can
prompt the user for it before running ssh and the ssh-askpass shim.
This avoids some complexity, and perhaps some attack vectors,
if the shim cannot requst an arbitrary password prompt.
+(This complexity not needed with the temp file approach..)
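Review bot: The added parenthetical "(Currently uses a temp file with locked down perms that it's careful to clean up after use.)" leaves out the details a reader of a design doc on password handling needs: what the permissions are, whether they are applied before the password is written to the file, how the shim is told where the file is, and what removes the file if ssh never runs the shim or the process dies first. The paragraph above weighs socket versus environment on exactly these grounds ("locked down so only user can access", "easily snooped by root"), so the temp file option deserves the same treatment. In the last added line, "This complexity" is ambiguous, because the paragraph it follows describes probing as something that "avoids some complexity"; say which mechanism is no longer needed, and drop the doubled period.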