IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Application data during key re-exchange



Bill Sommerfeld <sommerfeld%orchard.arlington.ma.us@localhost> writes:

> I simply don't see this as a showstopper.

The primary reason my current code behaves the way it does is that it
was a lot simpler, and I didn't see any security reasons to disallow
other messages during key re-exchange, not that I have experienced
freezes during key re-exchange and found them unacceptable.

While waiting for the remote end to do its part of the key (re)exchange,
my code spends its time in its select loop. When events occur (say,
the user typed some characters, or a shell died and sent SIGCHLD
to the server), ssh messages are generated and they are encrypted and put
into the same write queue as all other messages on that connection.

To get this right, and make sure I never send any application messages
during key exchange, I will have to introduce another queue where any
"application" messages generated during key key-exchange are put, to
be sent after the keyexchange is finished. And I must also arrange
that I temporarily stop reading channel sources that can generate a
lot of data, to keep the size of the new queue from growing large.

Not a big deal, but it makes the code more complex.

Regards,
/Niels



Home | Main Index | Thread Index | Old Index