IETF-SSH archive
Key Re-Exchange
hi,
I have some questions regarding the 'Key Re-Exchange' (aka rekeying):
is it true that no application data may be sent during key re-exchange?
how is this 'during key re-exchange' defined?
i think that the re-exchange starts when a KEXINIT message has
been both sent _and_ received.
so, if you initiate the re-exchange, you have to wait for the KEXINIT
from the peer, but since there might be some more packets on the
wire i might get these messages before i get the KEXINIT.
the problem here is that i cannot tell whether my KEXINIT message
did already arrive at the peer or whether the peer just ignores the
KEXINIT message and just keeps sending application messages.
am i missing something?
what are other implementations doing?
i think that the paragraph about the re-exchange should be extended
in the current transport-draft.
-markus
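
The send and receive rules for the situation asked about above, modelled as they were later published in RFC 4253 (an added example, not part of the original message or of any implementation). `RekeyGate`, `allowed_during_kex` and `initiator_trace` are hypothetical names, and the packet sequence is constructed.

```python
# Added illustration, not from the original post. Message numbers per RFC 4253.
KEXINIT, NEWKEYS = 20, 21
SERVICE_REQUEST, SERVICE_ACCEPT = 5, 6
CHANNEL_DATA = 94  # stands in for "application data"

def allowed_during_kex(msg):
    """Transport (1-19), negotiation (20-29) and kex-method (30-49) messages."""
    return 1 <= msg <= 49 and msg not in (SERVICE_REQUEST, SERVICE_ACCEPT)

class RekeyGate:
    """One endpoint's view of a re-exchange (hypothetical helper class)."""

    def __init__(self):
        self.kexinit_sent = False      # our KEXINIT is out, our NEWKEYS is not
        self.kexinit_received = False  # peer's KEXINIT is in, its NEWKEYS is not
        self.queued = []               # application messages held back

    def send(self, msg):
        """Return True if msg may go on the wire now, False if it was queued."""
        if self.kexinit_sent and not allowed_during_kex(msg):
            self.queued.append(msg)
            return False
        if msg == KEXINIT:
            self.kexinit_sent = True
        elif msg == NEWKEYS:
            self.kexinit_sent = False  # caller may now flush self.queued
        return True

    def receive(self, msg):
        """In-flight data is legal until the peer's own KEXINIT has arrived."""
        if self.kexinit_received and not allowed_during_kex(msg):
            return "protocol-error"
        if msg == KEXINIT:
            self.kexinit_received = True
        elif msg == NEWKEYS:
            self.kexinit_received = False
        return "transport" if allowed_during_kex(msg) else "deliver"

def initiator_trace():
    """Constructed scenario: we start the rekey while peer data is in flight."""
    g = RekeyGate()
    sent = [g.send(KEXINIT), g.send(CHANNEL_DATA)]
    # Two data packets the peer sent before it saw our KEXINIT, then its KEXINIT,
    # then a (non-compliant) data packet sent after its own KEXINIT.
    seen = [g.receive(m) for m in (CHANNEL_DATA, CHANNEL_DATA, KEXINIT, CHANNEL_DATA)]
    return sent, seen, g.queued
```

The two flags are independent: the send restriction starts with the local KEXINIT, while incoming application data only becomes an error once the peer's KEXINIT has been received.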