Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)

To: "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>
Subject: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
From: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Date: Thu, 17 Jul 2003 13:07:35 -0700

On Thu, Jul 17, 2003 at 03:46:11PM -0400, Joel N. Weber II wrote:
> > But, again, we have the problem that any such messages would not be
> > factored into the session ID, thus making downgrade attacks possible.
> 
> Are we discussing the mechanism for sending host keys after key
> exchange?  If so, the answer is that you wait until after the
> SSH_MSG_NEWKEYS, since the whole point of that is to provide keys that
> will be useful for rekeying and or for host key veriftication in key
> exchange in future connections.

I was discussing the mechanism by which we extend the kex part of the
protocol.  While I agree with your comment about the mechanism for
sending host keys after kex, you suggested a negotiation method that
would apply also to extending the kex phase:

On Thu, Jul 17, 2003 at 03:21:39PM -0400, Joel N. Weber II wrote:                                             
> So I see no reason why the working group can't declare that there will                                      
> be an SSH_MSG_KEXINIT2 which has a numeric value of 22, and                                                 
> SSH_MSG_HOST_KEYS_REQ can be 23, and SSH_MSG_HOST_KEYS_REP can be 24.                                       
> (Or we could pick other numbers.  It isn't important what the numbers                                       
> are as long as we agree on them and nobody is using them for something                                      
> else.)  And unless someone knows that there are buggy implementations                                       
> out there, we can assume that ``negotiation'' will happen when                                              
> SSH_MSG_UNIMPLEMENTED gets sent.                                                                            


On Thu, Jul 17, 2003 at 03:46:11PM -0400, Joel N. Weber II wrote:
> As for SSH_MSG_KEXINIT2, I believe I explained how I propose to
> prevent downgrade attacks.

Remind me?

Nico
--

References:
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Nicolas Williams
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Jeffrey Hutzelman
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Nicolas Williams
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Joel N. Weber II
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Nicolas Williams
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Joel N. Weber II

Prev by Date: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
Next by Date: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
Previous by Thread: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
Next by Thread: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
Indexes:

Home | Main Index | Thread Index | Old Index