Re: Application data during key re-exchange

To: sommerfeld%orchard.arlington.ma.us@localhost
Subject: Re: Application data during key re-exchange
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: 12 Mar 2002 19:50:48 +0100

Bill Sommerfeld <sommerfeld%orchard.arlington.ma.us@localhost> writes:

> I simply don't see this as a showstopper.

The primary reason my current code behaves the way it does is that it
was a lot simpler, and I didn't see any security reasons to disallow
other messages during key re-exchange, not that I have experienced
freezes during key re-exchange and found them unacceptable.

While waiting for the remote end to do its part of the key (re)exchange,
my code spends its time in its select loop. When events occur (say,
the user typed some characters, or a shell died and sent SIGCHLD
to the server), ssh messages are generated and they are encrypted and put
into the same write queue as all other messages on that connection.

To get this right, and make sure I never send any application messages
during key exchange, I will have to introduce another queue where any
"application" messages generated during key key-exchange are put, to
be sent after the keyexchange is finished. And I must also arrange
that I temporarily stop reading channel sources that can generate a
lot of data, to keep the size of the new queue from growing large.

Not a big deal, but it makes the code more complex.

Regards,
/Niels

References:
- Re: Application data during key re-exchange
  - From: Bill Sommerfeld

Prev by Date: Re: Application data during key re-exchange
Next by Date: Re: Core draft last call update.
Previous by Thread: Re: Application data during key re-exchange
Next by Thread: Re: Application data during key re-exchange
Indexes:

Home | Main Index | Thread Index | Old Index