IETF-SSH archive


The algorithm name ""



I've had some reports on interoperation problems with the latest lsh
client and a server presenting itself as "SSH-1.99-2.0.13
(non-commercial)". The server sends a USERAUTH_FAILURE message 

DEBUG: Received USERAUTH_FAILURE (size 25 = 0x19)
00000000: 33000000137075626c69636b65792c70  3....publickey,p
00000010: 617373776f72642c00                assword,.

Looking at the packet, the "authentications that can continue" string
is "publickey,password,". Note the trailing comma. lsh parses this as
a list with three elements "publickey", "password", "". And it
considers empty algorithm names as a protocol error and disconnects.

Am I being overly pedantic, or should empty algorithm names be treated
as errors? As far as I can see, the only limits the architecture spec
sets are a maximum size and a limit on the characters that can be
used. On the other hand, I really hope that the algorithm name "" will
never be defined by this wg, so it is highly unreasonable to send it.

Another question is how to interpret the list "" (which makes sense
for instance in the languages_client_to_server list). Is that an empty
list, or a list containing a single empty string? Ruling out empty
strings resolves that ambiguity, making sure that "" can only be
interpreted as an empty list.

I'd like to edit the architecture draft as follows,

Current text:

  5.  Algorithm Naming
  
  The SSH protocols refer to particular hash, encryption, integrity,
  compression, and key exchange algorithms or protocols by names.  There
  are some standard algorithms that all implementations MUST support.
  There are also algorithms that are defined in the protocol
  specification but are OPTIONAL.  Furthermore, it is expected that
  some organizations will want to use their own algorithms.
  
  In this protocol, all algorithm identifiers MUST be printable US-ASCII
  strings no longer than 64 characters.  Names MUST be case-sensitive.

Proposal: Replace the last paragraph with

  In this protocol, all algorithm identifiers MUST be printable
  US-ASCII non-empty strings no longer than 64 characters. Names MUST
  be case-sensitive.

It may also be a good idea to specify the format for comma-separated
lists once, in the architecture document. Proposal, to be added to
section 4, "Data Type Representations Used in the SSH Protocols" in
the architecture document:

    name-list
      
      A string containing a comma separated list of names. A name list
      is stored as a uint32 containing its length (number of bytes
      that follow) followed by a comma-separated list of zero or more
      names. A name MUST be non-empty, and it MUST NOT contain a comma
      (','). Context may impose additional restrictions on the names,
      for example, the names in a list may have to be valid algorithm
      identifiers (see Algorithm Naming below), or [RFC-1766] language
      tags. The order of the names in a list may or may not be
      significant, also depending on the context where the list is
      used. Terminating NUL characters are not used, neither for the
      individual names, nor for the list as a whole.

    Examples:
    value              representation (hex)
    ---------------------------------------
    (), the empty list 00 00 00 00
    ("zlib")           00 00 00 04 7a 6c 69 62
    ("zlib", "none")   00 00 00 09 7a 6c 69 62 2c 6e 6f 6e 65

/Niels
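The name-list encoding and the non-empty-name rule proposed above, as an added example in Python (my own code, not lsh's and not text from the draft). It encodes and decodes name-lists, treats a zero-length body as the empty list rather than ("",), and rejects the trailing comma in the USERAUTH_FAILURE packet quoted at the top; the packet bytes are constructed from that hex dump, and the function names are assumptions of this example.

```python
import struct

class NameListError(ValueError):
    """A name-list that breaks the proposed rules (empty name, bad byte, ...)."""

def _check_name(name):
    # Non-empty, no comma, at most 64 characters, printable US-ASCII only.
    if (not name or "," in name or len(name) > 64
            or not (name.isascii() and name.isprintable())):
        raise NameListError("bad name %r" % name)

def encode_name_list(names):
    """uint32 length + comma-separated body, no terminating NUL anywhere."""
    for n in names:
        _check_name(n)
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def decode_name_list(data, offset=0):
    """Decode one name-list at data[offset:]; return (names, next_offset)."""
    if len(data) - offset < 4:
        raise NameListError("truncated length field")
    (length,) = struct.unpack_from(">I", data, offset)
    offset += 4
    if len(data) - offset < length:
        raise NameListError("truncated body")
    body, offset = data[offset:offset + length], offset + length
    if length == 0:
        return (), offset  # "" is the empty list, never ("",)
    names = tuple(body.decode("latin-1").split(","))
    for n in names:  # a trailing comma leaves "" here, which is rejected
        _check_name(n)
    return names, offset

# Constructed from the hex dump in the post: code 0x33 (USERAUTH_FAILURE),
# the name-list "publickey,password,", then the partial-success byte 0.
USERAUTH_FAILURE_PACKET = bytes.fromhex("33000000137075626c69636b65792c70617373776f72642c00")

def authentications_that_can_continue(packet):
    """Name-list from a USERAUTH_FAILURE packet; NameListError if malformed."""
    if packet[:1] != b"\x33":
        raise NameListError("not a USERAUTH_FAILURE message")
    return decode_name_list(packet, 1)[0]

def accepts(packet):
    try:
        authentications_that_can_continue(packet)
        return True
    except NameListError:
        return False
```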


