IETF-SSH archive


Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]



Peter Gutmann wrote:

> Jeffrey Hutzelman <jhutz%cmu.edu@localhost> (via "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>) writes:
>
>> It's actually fairly important to send SSH_MSG_UNIMPLEMENTED when you get a
>> message you don't understand.
>
> Right, but you're now acting as an oracle for an attacker by responding to
> corrupted encrypted data differently depending on what the corruption is,
> which is the exact problem that has hit SSL (several times).  I guess I can
> respond with an "unimplemented" during the (non-secured) initial portions of
> the handshake, but I think I'll stick with my generic "Sod off Baldrick"
> response once things are encrypted, until there's an urgent need to do
> otherwise.

Erm, you already respond differently to corrupted encrypted data depending on what the corruption is. Or don't you look at the message type field of a packet? Aside from that, you have a MAC to tell you whether the data's corrupted?

--
Jon Bright
Lead Programmer, Silicon Circus Ltd.
http://www.siliconcircus.com
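
The ordering discussed in this exchange, as an added example that is not part of the original message or of any implementation mentioned in the thread: the receiver verifies the MAC before interpreting the message type, so every corrupted packet gets the same reply and SSH_MSG_UNIMPLEMENTED is only sent for authenticated packets of an unknown type. Assumptions: no cipher is applied, the MAC is HMAC-SHA-256, and `seal`, `receive` and `KNOWN_TYPES` are hypothetical names.

```python
import hashlib
import hmac
import struct

SSH_MSG_DISCONNECT, SSH_MSG_IGNORE, SSH_MSG_UNIMPLEMENTED = 1, 2, 3
SSH_DISCONNECT_MAC_ERROR = 5
MAC_LEN = 32  # HMAC-SHA-256 (assumed for this example)
KNOWN_TYPES = {SSH_MSG_DISCONNECT, SSH_MSG_IGNORE}  # constructed: a minimal peer


def _mac(key, seq, packet):
    # SSH MAC input: uint32 sequence number || unencrypted packet
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()


def seal(key, seq, payload, pad_len=8):
    """packet_length || padding_length || payload || padding || MAC (cipher omitted)."""
    body = bytes([pad_len]) + payload + bytes(pad_len)
    packet = struct.pack(">I", len(body)) + body
    return packet + _mac(key, seq, packet)


def receive(key, seq, wire):
    """Return (action, reply_payload); no packet field is read before the MAC check."""
    packet, mac = wire[:-MAC_LEN], wire[-MAC_LEN:]
    if len(wire) < MAC_LEN + 6 or not hmac.compare_digest(mac, _mac(key, seq, packet)):
        # One reply for every kind of corruption: disconnect with reason code,
        # empty description string and empty language tag.
        reply = bytes([SSH_MSG_DISCONNECT]) + struct.pack(">III", SSH_DISCONNECT_MAC_ERROR, 0, 0)
        return "disconnect", reply
    pad_len = packet[4]
    payload = packet[5:len(packet) - pad_len]
    if payload and payload[0] not in KNOWN_TYPES:
        # Authentic packet of an unknown type: name the rejected sequence number.
        return "unimplemented", bytes([SSH_MSG_UNIMPLEMENTED]) + struct.pack(">I", seq)
    return "handled", b""


if __name__ == "__main__":
    key = b"k" * 32  # constructed sample key
    good = seal(key, 8, bytes([200]))          # authentic, unknown type 200
    bad = bytearray(good)
    bad[5] ^= 0xFF                             # corrupt the message type byte
    print(receive(key, 8, good)[0], receive(key, 8, bytes(bad))[0])
```
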



