Re: Transport I-D: KEXINIT reserved field needs description

To: ietf-ssh%NetBSD.org@localhost, z3p%twistedmatrix.com@localhost
Subject: Re: Transport I-D: KEXINIT reserved field needs description
From: pgut001%cs.auckland.ac.nz@localhost (Peter Gutmann)
Date: Wed, 23 Jul 2003 16:20:12 +1200

"Paul Swartz" <z3p%twistedmatrix.com@localhost> writes:
>On 22 Jul 2003 at 15:44, Nicolas Williams wrote:
>>For those whose implementations ignore additional data past the reserved
>>field, is that data included in the key exchange hash?
>
>Yes, Conch includes the entire packet, regardless of how much of the packet
>it parses.

Same with cryptlib (or at least it would if it didn't reject the packet for
having undefined extra data after the reserved field - if an extension
mechanism is defined in the future, it's a one-line change to accomodate it by
not rejecting the packet).

Speaking of extensions, it would be useful when/if these are defined to have a
per-extension flag indicating that an inability to process the extension
should be treated as a fatal error vs. simply ignoring the extension, which I
assume would be the default action.

Peter.

Prev by Date: Re: Transport I-D: KEXINIT reserved field needs description
Next by Date: Re: Transport I-D: KEXINIT reserved field needs description
Previous by Thread: Re: Transport I-D: KEXINIT reserved field needs description
Next by Thread: public key subsystem document.
Indexes:

Home | Main Index | Thread Index | Old Index