IETF-SSH archive
Re: Implementation support for SSH_MSG_UNIMPLEMENTED
> >Are there any implementations which do not respond with SSH_MSG_UNIMPLEMENTED
> >to unknown packet types during the key exchange phase of the protocol?
>
> I don't, but that can be fixed if it becomes a critical requirement of the
> protocol. The reason I don't is that I always send the minimal amount of info
> in error returns for any protocol I do (SSH/SSL/CMP/TSP/RTCS/OCSP/etc), which
> has saved me from at least two attacks on SSL and probably attacks on other
> protocols as well. In other words if the protocol requires a certain response
> in order to function I'll do it, but if it's merely a nicety for debugging,
> I'll send the most generic response I can get away with.
The text of the protocol spec says that sending SSH_MSG_UNIMPLEMENTED
is mandatory, if I recall correctly. Not implementing this according
to the spec makes interoperability harder when new features get added
later.
SSH_MSG_UNIMPLEMENTED is already fairly generic.
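
The following is an added example, not part of the original message or of any implementation discussed in the thread. It shows what the SSH_MSG_UNIMPLEMENTED payload carries under RFC 4253 section 11.4: the message type and the sequence number of the rejected packet, and nothing from the packet itself. The set of known types, the function names and the sample payloads are constructed for illustration, and only the SSH payload is modelled (no packet length, padding or MAC).

```python
import struct

SSH_MSG_UNIMPLEMENTED = 3   # RFC 4253, section 11.4
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21

# Assumption: message types this toy peer understands during key exchange
# (30 and 31 are the Diffie-Hellman init/reply numbers).
KNOWN_KEX_TYPES = {SSH_MSG_KEXINIT, SSH_MSG_NEWKEYS, 30, 31}

# Constructed sample input: three received payloads, the second of an unknown type.
CONSTRUCTED_PAYLOADS = [
    bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16,
    bytes([192]) + b"body-of-unknown-extension",
    bytes([SSH_MSG_NEWKEYS]),
]


def build_unimplemented(rejected_seq: int) -> bytes:
    """byte SSH_MSG_UNIMPLEMENTED, uint32 sequence number of the rejected packet."""
    return struct.pack(">BI", SSH_MSG_UNIMPLEMENTED, rejected_seq & 0xFFFFFFFF)


def parse_unimplemented(payload: bytes) -> int:
    """Return the rejected sequence number, or raise if the payload is malformed."""
    if len(payload) != 5 or payload[0] != SSH_MSG_UNIMPLEMENTED:
        raise ValueError("not an SSH_MSG_UNIMPLEMENTED payload")
    return struct.unpack(">I", payload[1:])[0]


def handle_incoming(payloads, first_seq=0):
    """Return (seq, reply) for every payload whose type is not recognised.

    The receive sequence number counts every packet and wraps at 2**32.
    """
    replies = []
    for offset, payload in enumerate(payloads):
        seq = (first_seq + offset) & 0xFFFFFFFF
        if not payload:
            raise ValueError("empty payload")
        if payload[0] not in KNOWN_KEX_TYPES:
            replies.append((seq, build_unimplemented(seq)))
    return replies


if __name__ == "__main__":
    for seq, reply in handle_incoming(CONSTRUCTED_PAYLOADS):
        print(f"packet {seq} rejected, reply payload = {reply.hex()}")
```

The reply is always five bytes and echoes neither the type nor the body of the rejected packet.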