IETF-SSH archive


Re: The algorithm name ""



nisse%lysator.liu.se@localhost (Niels Möller) writes:

> I've had some reports on interoperation problems with the latest lsh
> client and a server presenting itself as "SSH-1.99-2.0.13
> (non-commercial)". The server sends a USERAUTH_FAILURE message 
> 
> DEBUG: Received USERAUTH_FAILURE (size 25 = 0x19)
> 00000000: 33000000137075626c69636b65792c70  3....publickey,p
> 00000010: 617373776f72642c00                assword,.
> 
> Looking at the packet, the "authentications that can continue" string
> is "publickey,password,". Note the trailing comma. lsh parses this as
> a list with three elements "publickey", "password", "". And it
> considers empty algorithm names as a protocol error and disconnects.

I'd say this is a bug in 2.0.13.

> Am I being overly pedantic, or should empty algorithm names be treated
> as errors?

Probably should.

> Another question is how to interpret the list "" (which makes sense
> for instance in the languages_client_to_server list). Is that an empty
> list, or a list containing a single empty string? Ruling out empty
> strings resolves that ambiguity, making sure that "" can only be
> interpreted as an empty list.

I see it as an empty list in this context.

> I'd like to edit the architecture draft as follows,
> 
> Current text:
> 
[SNIP]
>   
>   In this protocol, all algorithm identifiers MUST be printable US-ASCII
>   strings no longer than 64 characters.  Names MUST be case-sensitive.
> 
> Proposal: Replace the last paragraph with
> 
>   In this protocol, all algorithm identifiers MUST be printable
>   US-ASCII non-empty strings no longer than 64 characters. Names MUST
>   be case-sensitive.
> 
> It may also be a good idea to specify the format for comma-separated
> lists once, in the architecture document. Proposal, to be added to
> section 4, "Data Type Representations Used in the SSH Protocols" in
> the architecture document:

Both suggestions seem fine to me.

Cheers,
-- 
[sjl%ssh.com@localhost          --  Sami J. Lehtinen  --           sjl%iki.fi@localhost]
[work:+358 20 5007425][gsm:+358 40 864 3001][http://www.iki.fi/~sjl]
[SSH Communications Security Corp               http://www.ssh.com/]
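
The strict list parsing discussed in this thread, as an added example that is not part of the original message or of lsh: it applies the proposed rules (non-empty names, at most 64 characters, "" read as the empty list) to the packet bytes from the quoted hex dump. The function names and the reading of "printable" as bytes 0x21 to 0x7E are assumptions.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # 0x33, first byte of the dumped packet
MAX_NAME_LEN = 64              # limit stated in the architecture draft text

# Payload bytes copied from the hex dump in the quoted message (25 bytes).
PAYLOAD = bytes.fromhex(
    "33000000137075626c69636b65792c70"
    "617373776f72642c00"
)


class NameListError(ValueError):
    """Raised when a payload or name list violates the rules above."""


def split_name_list(raw: bytes) -> list[str]:
    """Split a comma-separated list under the rules proposed in the thread."""
    if raw == b"":
        return []  # "" is the empty list, never a list holding one "" name
    names = []
    for item in raw.split(b","):
        if not item:
            # A leading, trailing or doubled comma produces an empty name.
            raise NameListError("empty algorithm name")
        if len(item) > MAX_NAME_LEN:
            raise NameListError("name longer than 64 characters")
        # Assumption: "printable US-ASCII" is read as bytes 0x21..0x7E.
        if any(b < 0x21 or b > 0x7E for b in item):
            raise NameListError("non-printable byte in name")
        names.append(item.decode("ascii"))
    return names


def parse_userauth_failure(payload: bytes) -> tuple[list[str], bool]:
    """Return (authentications that can continue, partial success flag)."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise NameListError("not a USERAUTH_FAILURE payload")
    (length,) = struct.unpack_from(">I", payload, 1)
    # Message byte + 4-byte length + list + 1-byte boolean must fill the payload.
    if len(payload) != 5 + length + 1:
        raise NameListError("length field does not match payload size")
    return split_name_list(payload[5:5 + length]), payload[5 + length] != 0
```

Run against `PAYLOAD`, `parse_userauth_failure` raises `NameListError` for the empty name after the trailing comma, which is the condition that made lsh disconnect.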


