Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]

To: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]
From: Jon Bright <jon%siliconcircus.com@localhost>
Date: Fri, 25 Jul 2003 09:52:05 +0200

Peter Gutmann wrote:

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> (via "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>) writes:

It's actually fairly important to send SSH_MSG_UNIMPLEMENTED when you get a
message you don't understand.



Right, but you're now acting as an oracle for an attacker by responding to
corrupted encrypted data differently depending on what the corruption is,
which is the exact problem that has hit SSL (several times).  I guess I can
respond with an "unimplemented" during the (non-secured) initial portions of
the handshake, but I think I'll stick with my generic "Sod off Baldrick"
response once things are encrypted, until there's an urgent need to do
otherwise.

Erm, you already respond differently to corrupted encrypted datadepending on what the corruption is. Or don't you look at the messagetype field of a packet? Aside from that, you have a MAC to tell youwhether the data's corrupted?


--
Jon Bright
Lead Programmer, Silicon Circus Ltd.
http://www.siliconcircus.com

References:
- Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]
  - From: Peter Gutmann

Prev by Date: Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]
Next by Date: Re: Transport I-D: KEXINIT reserved field needs description
Previous by Thread: Re: [Jeffrey Hutzelman <jhutz%cmu.edu@localhost>: Re: Implementation support for SSH_MSG_UNIMPLEMENTED]
Next by Thread: Working group LAST CALL on draft-ietf-secsh-dh-group-exchange-04.txt
Indexes:

Home | Main Index | Thread Index | Old Index