On Tuesday, September 02, 2003 19:51:35 +0200 Markus Friedl <markus%openbsd.org@localhost> wrote:
On Tue, Sep 02, 2003 at 12:22:03PM -0400, Jeffrey Hutzelman wrote:My approach was to have new clients just send a new message containing the MIC, in place of the empty "exchange complete" message that current clients send. An old server receiving this new message would send SSH_MSG_UNIMPLEMENTED, and the new client would reply with the old completion message.but this would be a 'hack' not an improved replacement for "gssapi"
Well, a "replacement" would mean an incompatible mechanism, presumably with a new name. I was trying to avoid that, in part because I felt that extending an existing mechanism was preferable to inventing a new, almost-identical one, and I thought that implementors (including openssh) would feel the same way. In any case, I never actually made this proposal, so it's probably not worth picking it apart. I just wanted to give you an idea of what the alternative under discussion was when we decided to propose gssapi-mic.