IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
draft-ietf-secsh-dh-group-exchange-01.txt
In Section 7 of the dh-group-exchange draft there is an attempt
to address backwards compatibility with the previous version of the draft
by renumbering the SSH_MSG_KEX_DH_GEX_REQUEST message.
This really only addresses backwards compatibility for an old client
connecting to a new server but not a new client connecting to an old server.
Looking at the current OpenSSH sources it seems this problem was known
since there is code to match against the peer's version number to choose
which of SSH_MSG_KEX_DH_GEX_REQUEST or SSH_MSG_KEX_DH_GEX_REQUEST_OLD to
send.
Matching against the peer's version number to try and work out which
version of a particlar draft they implemented doesn't seem like a good idea.
However anyone implementing this draft now will get the correct behaviour,
the only issue is with servers that implemented -00 but aren't known to
the OpenSSH compat "magic" compat code.
The only thing I can suggest for the draft at the moment is to make it
clear that the compatibility is only in one direction.
--
Darren J Moffat
Home |
Main Index |
Thread Index |
Old Index