IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Application data during key re-exchange
On 12 Mar 2002, Niels Möller wrote:
> Another possible interpretation is that the only messages that can be
> sent between KEXINIT and NEWKEYS are key-exchange messages and DEBUG,
> DISCONNECT and IGNORE. Then all channels on the connection will freeze
> completely during the entire key exchange process, which seems
> undesirable, in particular with slow connections and machines. For
This is my interpretation. And how our implementation works (seems
cleanest doesn't it?). In our case it's also the most sensible thing to do
to disallow traffic from higher layers during keyexchange since we have a
multi-threaded implementation which would end up more complex and with
some extra unnecessary synchronization (i.e. checks for keyexchange in
progress). Given that the key-reexchange comes once an hour (or after one
GB data) it doesn't seem much of an issue IMHO.
Cheers,
/Mats
Home |
Main Index |
Thread Index |
Old Index