Re: retrying keyex (was: Re: Why SFTP performance sucks, and how to fix it)

To: "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>
Subject: Re: retrying keyex (was: Re: Why SFTP performance sucks, and how to fix it)
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Wed, 16 Jul 2003 09:58:53 +0200 (CEST)

On Wed, 9 Jul 2003, Joel N. Weber II wrote:

> > > If you send the last message in a key exchange sequence, wait to see
> > > if SSH_MSG_NEWKEYS comes.  If it does, your peer accepted what you
> > > sent in that last message, and you can send SSH_MSG_NEWKEYS too.
> > > (This avoids having only one side use keys from a key exchange: you
> > > get either both or neither, which simplifies the session identifier
> > > question a bit.)
> >
> > If the client got an error from the peer then it knows that the
> > SSH_MSG_NEWKEYS won't come and so it can just try again immediately.
>
> True.
>
> The case I was thinking of, though, is the case where the client
> decides it doesn't trust the certificate presented by the server,

But this case is simple to handle -- you disconnect and try again.

Follow-Ups:
- Re: retrying keyex (was: Re: Why SFTP performance sucks, and how to fix it)
  - From: Nicolas Williams

References:
- Re: retrying keyex (was: Re: Why SFTP performance sucks, and how to fix it)
  - From: Joel N. Weber II

Prev by Date: Re: I-D ACTION:draft-ietf-secsh-gsskeyex-06.txt
Next by Date: Re: draft-ietf-secsh-gsskeyex-06.txt security considerations
Previous by Thread: Re: retrying keyex (was: Re: Why SFTP performance sucks, and how to fix it)
Next by Thread: Re: retrying keyex (was: Re: Why SFTP performance sucks, and how to fix it)
Indexes:

Home | Main Index | Thread Index | Old Index