by rossjudson 2133 days ago
Seems like a bad idea. Requiring a touch means it's much harder to trigger the key through software alone -- or maybe impossible. So someone has to actually be present at the machine. This is particularly important when, for whatever reason, the machine you can actually put your hands on is actually a gateway to other machines. You can ssh tunnel all you want, but somebody still has to physically touch the key for it to authenticate. Naturally, that only works if you authenticate at each level, and if you do not trust other levels.

The way we use them at Google, the keys are associated with particular machines and human accounts. You can't just remove a key from one machine and stick it into something else. It is the combination of the machine and the key that is enabled. A key can be deregistered/wiped and assigned to a different machine... but you need to be properly logged in to make that happen. In the context of a corporation that is relatively straightforward, but perhaps for personal use it is less so. Actually, without the right infrastructure in place, it's quite likely to be a lot more complicated.