IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
> But, again, we have the problem that any such messages would not be
> factored into the session ID, thus making downgrade attacks possible.
Are we discussing the mechanism for sending host keys after key
exchange? If so, the answer is that you wait until after the
SSH_MSG_NEWKEYS, since the whole point of that is to provide keys that
will be useful for rekeying and or for host key veriftication in key
exchange in future connections.
As for SSH_MSG_KEXINIT2, I believe I explained how I propose to
prevent downgrade attacks.
Home |
Main Index |
Thread Index |
Old Index