IETF-SSH archive
Re: Core draft last call update.
On Tue, 12 Mar 2002, Markus Friedl wrote:
> > > BTW, which implementations set the first_kex_packet_follows flag in
> > > the SSH_MSG_KEXINIT? Perhaps we should evaluate that feature before
> >
> > I believe SSH Communications is the only
>
> Who understands how first_kex_packet_follows is supposed to work?
I've not used it and haven't contemplated it much though my interpretation
(implementation) of it is:
wrongguess = "
  o the kex algorithm and/or the host key algorithm is guessed wrong
    (server and client have different preferred algorithm), or
  o if any of the other algorithms cannot be agreed upon (the
    procedure is defined below in Section Section 5.1)."

if (wrongguess && first_kex_packet_follows) {
    <discard next received packet>
}
E.g. a guessing client just sends SSH_MSG_KEXDH_INIT directly after
SSH_MSG_KEXINIT, if it discovers that this is wrong (according to above)
it knows that it can safely just retransmit some other KEX method's init.
Cheers,
/Mats
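
The discard rule described in the message above, as an added example that is not part of the original post or of any SSH implementation. The algorithm lists and packet labels are constructed sample data, the function names are hypothetical, and host key negotiation is simplified to a first-preference comparison.

```python
# Added example: simplified model of the "wrong guess" rule quoted above.
# All offers and packet labels are constructed samples, not captured traffic.

GUESSED = ("kex", "hostkey")                      # first preferences must match
OTHER = ("cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c")


def agreed(client_list, server_list):
    """Return the first client algorithm the server also lists, else None."""
    return next((alg for alg in client_list if alg in server_list), None)


def guess_is_wrong(client, server):
    """Apply the two bullets of the quoted draft text to two KEXINIT offers."""
    # Bullet 1: different preferred kex and/or host key algorithm.
    if any(client[c][0] != server[c][0] for c in GUESSED):
        return True
    # Bullet 2: any of the other algorithms cannot be agreed upon.
    return any(agreed(client[c], server[c]) is None for c in OTHER)


def packets_to_process(client, server, first_kex_packet_follows, received):
    """Drop the guessed packet only if the flag was set and the guess was wrong."""
    if first_kex_packet_follows and received and guess_is_wrong(client, server):
        return list(received[1:])
    return list(received)


def offer(kex, hostkey, cipher=("3des-cbc",), mac=("hmac-sha1",)):
    """Build a constructed KEXINIT offer as a dict of name-lists."""
    return {"kex": list(kex), "hostkey": list(hostkey),
            "cipher_c2s": list(cipher), "cipher_s2c": list(cipher),
            "mac_c2s": list(mac), "mac_s2c": list(mac)}


CLIENT = offer(["diffie-hellman-group1-sha1",
                "diffie-hellman-group-exchange-sha1"], ["ssh-dss"])
SERVER_SAME = offer(["diffie-hellman-group1-sha1"], ["ssh-dss", "ssh-rsa"])
SERVER_DIFF = offer(["diffie-hellman-group-exchange-sha1"], ["ssh-dss"])
SERVER_NO_CIPHER = offer(["diffie-hellman-group1-sha1"], ["ssh-dss"],
                         cipher=("aes128-cbc",))

# The guessing client sends its init right after KEXINIT, then retransmits.
STREAM = ["SSH_MSG_KEXDH_INIT (guessed)", "init of negotiated kex (retransmitted)"]

if __name__ == "__main__":
    for name, srv in (("same", SERVER_SAME), ("diff", SERVER_DIFF)):
        print(name, packets_to_process(CLIENT, srv, True, STREAM))
```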