Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]

To: ietf-secsh%joelweber.com@localhost, ietf-ssh%netbsd.org@localhost
Subject: Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]
From: pgut001%cs.auckland.ac.nz@localhost (Peter Gutmann)
Date: Fri, 25 Jul 2003 19:33:28 +1200

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> (via "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>) writes:

>It's actually fairly important to send SSH_MSG_UNIMPLEMENTED when you get a
>message you don't understand.

Right, but you're now acting as an oracle for an attacker by responding to
corrupted encrypted data differently depending on what the corruption is,
which is the exact problem that has hit SSL (several times).  I guess I can
respond with an "unimplemented" during the (non-secured) initial portions of
the handshake, but I think I'll stick with my generic "Sod off Baldrick"
response once things are encrypted, until there's an urgent need to do
otherwise.

Peter.

Follow-Ups:
- Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]
  - From: Jon Bright

Prev by Date: Working group LAST CALL on draft-ietf-secsh-dh-group-exchange-04.txt
Next by Date: Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]
Previous by Thread: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]
Next by Thread: Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]
Indexes:

Home | Main Index | Thread Index | Old Index