IETF-SSH archive


Re: last-call issues..



Tero Kivinen <kivinen%mail.niksula.cs.hut.fi@localhost> writes:

> Niels Möller writes:
> > I think he's saying that if filtering is done at the server end,
> > clients need not know about it, and it's therefore not a protocol
> > issue at all.
> 
> I don't want the transport/connection layer server/client to know too
> much about the subsystem protocol. The subsystem client/server DO know 
> about the subsystem protocol and they CAN detect if the input is valid 
> subsystem protocol or not. If it is not, then they can ignore stuff
> until they see something familiar....

I think I have talked too much about this already, but let me write a
short summary and then I'll try hard to stay quiet for a day or two:

You think about filtering as knowledge about the sub-system protocol,
which makes it natural to think that the sub-system client should know
about it.

I think about it as knowing about possible brokenness in the
exec-by-login-shell mechanism, which is a somewhat obscure
implementation detail in (most) ssh servers on Un*x, and working
around that. From that point of view, requiring the client to do the
working around is clearly not the right thing to do.

It's the transport layer's responsibility to provide a clean channel,
with no garbage, for the sub-system layer to use. If the transport
layer fails to do that, for any reason, it's not the sub-system's
fault.

/Niels


