draft-ietf-secsh-dh-group-exchange-01.txt

To: ietf-ssh%netbsd.org@localhost
Subject: draft-ietf-secsh-dh-group-exchange-01.txt
From: Darren Moffat <Darren.Moffat%eng.sun.com@localhost>
Date: Thu, 9 Aug 2001 15:53:03 -0700 (PDT)

In Section 7 of the dh-group-exchange draft there is an attempt
to address backwards compatibility with the previous version of the draft
by renumbering the SSH_MSG_KEX_DH_GEX_REQUEST message.

This really only addresses backwards compatibility for an old client 
connecting to a new server but not a new client connecting to an old server.

Looking at the current OpenSSH sources it seems this problem was known
since there is code to match against the peer's version number to choose
which of SSH_MSG_KEX_DH_GEX_REQUEST or SSH_MSG_KEX_DH_GEX_REQUEST_OLD to
send.

Matching against the peer's version number to try and work out which
version of a particlar draft they implemented doesn't seem like a good idea.

However anyone implementing this draft now will get the correct behaviour,
the only issue is with servers that implemented -00 but aren't known to
the OpenSSH compat "magic" compat code.

The only thing I can suggest for the draft at the moment is to make it
clear that the compatibility is only in one direction.

--
Darren J Moffat

Prev by Date: Re: global and channel requests -- more information on failure, more flexibility on success
Next by Date: Re: global and channel requests -- more information on failure, more flexibility on success
Previous by Thread: x.509v3 certificates...
Next by Thread: Re: draft-ietf-secsh-dh-group-exchange-01.txt
Indexes:

Home | Main Index | Thread Index | Old Index