IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: last-call issues..
On Wed, Mar 14, 2001 at 12:12:57PM +0100, Markus Friedl wrote:
> the server implementing sftp can print what ever cookies
> it likes and the sshd has to filter the cookies out.
> but this is not a _protocol_ issue.
Hm, this doesn't really strike me as good design -- if we all agree that
subsystems require only a bi-directional stream communication channel,
then it seems like a cop-out to rely on some special in-band-but-filtered-out
communication between the sftp server and the transport server.
Who's to say one couldn't use sftp over some generic TLS pipe (say, like
the one that the stunnel package implements)?
I'm with Tero on this one -- recommend that subsystems ignore unrecognized
data sent over the channel, up until the subsystem version exchange occurs,
and require that no non-subsystem data appear on the channel once the version
exchange is complete.
--
-- Jason R. Thorpe <thorpej%zembu.com@localhost>
Home |
Main Index |
Thread Index |
Old Index