IETF-SSH archive


Re: Implementation support for SSH_MSG_UNIMPLEMENTED



[I've made this a public reply because it contains a point that may be worth
 considering]

>Are there any implementations which do not respond with SSH_MSG_UNIMPLEMENTED
>to unknown packet types during the key exchange phase of the protocol?

I don't, but that can be fixed if it becomes a critical requirement of the
protocol.  The reason I don't is that I always send the minimal amount of info
in error returns for any protocol I do (SSH/SSL/CMP/TSP/RTCS/OCSP/etc), which
has saved me from at least two attacks on SSL and probably attacks on other
protocols as well.  In other words if the protocol requires a certain response
in order to function I'll do it, but if it's merely a nicety for debugging,
I'll send the most generic response I can get away with.

Peter.
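
The policy described in the message above, sketched as an added example (not the poster's code or any implementation's own): a verbose responder whose reply depends on what went wrong, beside a minimal one that logs the detail locally and sends the same bytes for every failure. The message numbers and layouts follow RFC 4253; the function names, the failure causes and the choice of a generic SSH_MSG_DISCONNECT as the "most generic response" are assumptions made for illustration.

```python
import logging
import struct

log = logging.getLogger("ssh-minimal-error-example")

SSH_MSG_DISCONNECT = 1             # RFC 4253, section 11.1
SSH_MSG_UNIMPLEMENTED = 3          # RFC 4253, section 11.4
SSH_DISCONNECT_PROTOCOL_ERROR = 2  # RFC 4253 disconnect reason code


def _ssh_string(data: bytes) -> bytes:
    """SSH 'string' encoding: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def verbose_reply(msg_type: int, seq_no: int, cause: str) -> bytes:
    """Debug-friendly behaviour: the reply on the wire varies with the cause."""
    if cause == "unknown-type":
        # byte SSH_MSG_UNIMPLEMENTED, uint32 sequence number of rejected packet
        return struct.pack(">BI", SSH_MSG_UNIMPLEMENTED, seq_no)
    return (struct.pack(">BI", SSH_MSG_DISCONNECT, SSH_DISCONNECT_PROTOCOL_ERROR)
            + _ssh_string(cause.encode()) + _ssh_string(b""))


def minimal_reply(msg_type: int, seq_no: int, cause: str) -> bytes:
    """Minimal-information behaviour: detail goes to the local log only."""
    log.warning("kex failure: type=%d seq=%d cause=%s", msg_type, seq_no, cause)
    return (struct.pack(">BI", SSH_MSG_DISCONNECT, SSH_DISCONNECT_PROTOCOL_ERROR)
            + _ssh_string(b"") + _ssh_string(b""))


# Constructed failure cases: (packet type, sequence number, internal cause).
# The cause labels are hypothetical names for this example.
CASES = [(192, 3, "unknown-type"),
         (20, 4, "malformed-kexinit"),
         (30, 5, "bad-dh-value")]


def distinct_replies(policy) -> int:
    """Number of different wire responses a peer can observe across CASES."""
    return len({policy(*case) for case in CASES})


if __name__ == "__main__":
    print("verbose policy, distinct replies:", distinct_replies(verbose_reply))
    print("minimal policy, distinct replies:", distinct_replies(minimal_reply))
```
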


