@julian Okay, yes, this should work. ICS-Export is not extremely secure. There is a wide range of apps, that can import ICS, but I guess many of them have no ssh-key-validation included and accept any key.
Who enables ICS-export should know, that a capable attacker can find a way to get the ICS of some users.
Hopefully next week, I may find time to have a look on it.