IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Core draft last call update.



> On Fri, 8 Mar 2002, Bill Sommerfeld wrote:
> > > Maybe I'm missing something,  but I can't see the need to disconnect
in this
> > > case,  as opposed to simply discarding these messages.
> >
> > I don't think think it's that simple.  Have you actually prototyped
> > this?
> >
> > Many of these message types are ones for which the client expects a
> > response -- simply discarding such requests on the server will confuse
> > and/or hang clients which were expecting responses.
> >
> > Any implementors want to comment on this in more detail?
>
> I can't see a big win in discard versus disconnect (especially since we
> are in last-call now, considering the earlier comments on last minute
> changes to the drafts...). Disconnect seems safer and easier to handle
> from a protocol-perspective. If you want to optimistally assume the
> authentication goes well and start higher-level traffic based on this
> assumption it is better to handle this by queueing this traffic until the
> authentication stage is done. There would be a marginal performance win of
> course, however the complexity in handling potentially discarded messages
> seems a high price for this. Since the whole transport setup and
> authentication stages are pretty slimmed down anyway, this wouldn't add
> much IMHO.

I agree with this.  The current language seems
safer and more likely to get us to RFC status
without any egg-on-face.

Complexity is the enemy.  Complexity introduces
bugs.  If it was just complexity in the client,
that the client could chose whether or not to
deal with, I might be more inclined to
'not care'.

But, it also introduces complexity in
the server (which in my opinion is more
sensitive to bugs.)  And the server
MUST bear that complexity.

If a server implements the current language,
there is very little chance of a packet
for a higher level being processed before
the user correctly authenticates (due
to server bug.)  Sure it could happen,
but it isn't likely.

On the other hand, it seems more likely
to happen with the new complexity.

Also, since we are in last call, we have
very little time to analyze the implications
and behaviors of the change.

It doesn't seem like we stand to gain
enough to take the risk.  Maybe we should
discuss it more for 2.1 after we've gotten
2.0 to RFC status.

- Joseph




Home | Main Index | Thread Index | Old Index