IETF-SSH archive


Re: retrying keyex (was: Re: Why SFTP performance sucks, and how to fix it)



On Wed, 9 Jul 2003, Joel N. Weber II wrote:

> > > If you send the last message in a key exchange sequence, wait to see
> > > if SSH_MSG_NEWKEYS comes.  If it does, your peer accepted what you
> > > sent in that last message, and you can send SSH_MSG_NEWKEYS too.
> > > (This avoids having only one side use keys from a key exchange: you
> > > get either both or neither, which simplifies the session identifier
> > > question a bit.)
> >
> > If the client got an error from the peer then it knows that the
> > SSH_MSG_NEWKEYS won't come and so it can just try again immediately.
>
> True.
>
> The case I was thinking of, though, is the case where the client
> decides it doesn't trust the certificate presented by the server,

But this case is simple to handle -- you disconnect and try again.
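As an added illustration (not part of the thread), a toy model of the rule discussed above: the sender of the last key-exchange message sends SSH_MSG_NEWKEYS only after seeing the peer's SSH_MSG_NEWKEYS, and treats an error or a disconnect as a signal that it will never come. Roles are abstracted to "sender" and "receiver"; KEX_LAST, ERROR and the trust decision are constructed stand-ins, not SSH wire messages.

```python
"""Toy model of the 'wait for the peer's SSH_MSG_NEWKEYS' rule.
Added example, not code from the IETF-SSH discussion; KEX_LAST, ERROR and
trusts_peer_key are constructed stand-ins for the real protocol details."""

NEWKEYS = "SSH_MSG_NEWKEYS"
DISCONNECT = "SSH_MSG_DISCONNECT"
KEX_LAST = "KEX_LAST"   # constructed: the final message of a kex sequence
ERROR = "ERROR"         # constructed: a failure reply from the peer


class Peer:
    def __init__(self, name):
        self.name = name
        self.keys_active = False   # set once this side sends SSH_MSG_NEWKEYS
        self.sent = []

    def send(self, msg):
        self.sent.append(msg)
        if msg == NEWKEYS:
            self.keys_active = True


def receiver_reply(receiver, accepts_message, trusts_peer_key):
    """Receiver of the last kex message: NEWKEYS if every check passes,
    otherwise a disconnect (untrusted key) or an error (rejected message)."""
    if not trusts_peer_key:
        receiver.send(DISCONNECT)
        return DISCONNECT
    if not accepts_message:
        receiver.send(ERROR)
        return ERROR
    receiver.send(NEWKEYS)
    return NEWKEYS


def finish_kex(sender, receiver, accepts_message=True, trusts_peer_key=True):
    """Sender of the last kex message sends NEWKEYS only after seeing the
    receiver's NEWKEYS; on anything else it knows NEWKEYS will not come and
    retries (reconnecting first if the peer disconnected)."""
    sender.send(KEX_LAST)
    reply = receiver_reply(receiver, accepts_message, trusts_peer_key)
    if reply == NEWKEYS:
        sender.send(NEWKEYS)
        return "keys_in_use"
    return "reconnect_and_retry" if reply == DISCONNECT else "retry_now"


def both_or_neither(a, b):
    """The property the thread is after: keys never end up in use on one side only."""
    return a.keys_active == b.keys_active
```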