IETF-SSH archive


Re: Core draft last call update.



> On Mon, Mar 11, 2002 at 10:42:15AM -0700, Joseph Galbraith wrote:
> > > BTW, which implementations set the first_kex_packet_follows flag in
> > > the SSH_MSG_KEXINIT? Perhaps we should evaluate that feature before
> > > trying to optimize away some more roundtrips.
> > 
> > I believe SSH Communications is the only
> > implementation using this, but I'm not sure.
> 
> Who understands how first_kex_packet_follows is supposed to work?

I believe that the draft is accurate now
(it wasn't for a long time.)

Looking at the draft now, I could
wish that the description of guessing,
and of what happens when the guess is wrong,
were grouped with first_kex_packet_follows
instead of up above.

If the first_kex_packet_follows flag is
set, and the first item on the client's
list for public key or for key exchange
method does not match the first item
on the server's list, the next packet
should be discarded as invalid.

If key exchange doesn't match, then
it is a packet for a key exchange
method that will not be run; and
in theory, the hostkey/public key
type could affect the first packet
sent, so this makes sense.

On the other hand, I'm less than
100% fond of this feature -- it seems
to add quite a bit of complexity for
a relatively small performance gain.

But I don't want to change it now :-)

- Joseph
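The rule Joseph describes (guess is right only when both the first key exchange method and the first host key algorithm agree; otherwise the guessed packet is thrown away), as an added example that is not part of the thread or of any SSH implementation. It encodes and decodes a constructed SSH_MSG_KEXINIT with the RFC 4253 field layout and applies the discard decision; the algorithm names and cookie are sample data.

```python
import os
import struct

SSH_MSG_KEXINIT = 20
NAME_LISTS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(kex, hostkey, first_kex_packet_follows=False):
    """Encode a constructed SSH_MSG_KEXINIT (sample data, not a capture)."""
    lists = [kex, hostkey, ["aes128-ctr"], ["aes128-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    out = bytes([SSH_MSG_KEXINIT]) + os.urandom(16)   # message id + cookie
    for names in lists:
        raw = ",".join(names).encode("ascii")
        out += struct.pack(">I", len(raw)) + raw         # SSH name-list
    out += bytes([1 if first_kex_packet_follows else 0])
    out += struct.pack(">I", 0)                          # reserved, must be 0
    return out

def parse_kexinit(payload):
    """Decode SSH_MSG_KEXINIT into its name-lists and the guess flag."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT")
    off, fields = 17, {}                                 # skip id + cookie
    for field in NAME_LISTS:
        (n,) = struct.unpack_from(">I", payload, off)
        raw = payload[off + 4:off + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list")
        fields[field] = raw.decode("ascii").split(",") if n else []
        off += 4 + n
    fields["first_kex_packet_follows"] = payload[off] != 0
    return fields

def guess_was_right(sender, receiver):
    """Right only if both peers list the same kex method AND the same
    host key algorithm first; an empty list can never match."""
    return all(sender[f] and receiver[f] and sender[f][0] == receiver[f][0]
               for f in ("kex", "hostkey"))

def must_discard_next_packet(sender, receiver):
    """True when the peer sent a guessed KEX packet that must be ignored."""
    return sender["first_kex_packet_follows"] and not guess_was_right(sender, receiver)

if __name__ == "__main__":  # constructed sample: client guesses, server differs
    c = parse_kexinit(build_kexinit(["curve25519-sha256", "diffie-hellman-group14-sha256"], ["ssh-ed25519"], True))
    s = parse_kexinit(build_kexinit(["diffie-hellman-group14-sha256"], ["ssh-ed25519"]))
    print(must_discard_next_packet(c, s))  # True
```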



