IETF-SSH archive


Re: Some questions about "SSH Transport Layer Encryption Modes"



On Sat, Oct 18, 2003 at 06:56:35PM +1300, Peter Gutmann wrote:
> Markus Friedl <markus%openbsd.org@localhost> writes:
> 
> >i think this has been discussed before.
> 
> Hmm, I think "debated without clear resolution" might be a better description,
> if you're referring to the debate from about two years ago.  Specifically, the
> exact message/data flow was never totally resolved.

Hm, AFAIK we agreed that after sending KEXINIT you MUST NOT send
messages of type > 49 (i.e. only transport layer messages are
allowed) until you send NEWKEYS.

As a consequence OpenSSH's implementation of rekeying was changed.

Changing this now again will very likely break interoperability.

-m
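
Added example, not part of the message above and not OpenSSH's code: a minimal send-side gate in C that applies the rule as the message states it, holding any message of type > 49 between our KEXINIT and our NEWKEYS and releasing it afterwards. The struct, function and buffer names are hypothetical, and only message types are tracked (no payloads, no real socket).

```c
#include <stdint.h>
#include <stdio.h>
#define SSH_MSG_KEXINIT 20
#define SSH_MSG_NEWKEYS 21
#define SSH_MSG_KEXDH_INIT 30
#define SSH_MSG_CHANNEL_DATA 94
#define TRANSPORT_MAX 49 /* types above this are not transport layer */
#define HELD_MAX 16
#define WIRE_MAX 64

struct send_gate {
    int rekeying;            /* set once our KEXINIT has gone out */
    uint8_t held[HELD_MAX];  /* message types deferred during rekey */
    unsigned nheld;
    uint8_t wire[WIRE_MAX];  /* stand-in for the socket: types sent, in order */
    unsigned nwire;
};

/* Returns 1 if sent now, 0 if held until NEWKEYS, -1 if a buffer is full. */
int gate_send(struct send_gate *g, uint8_t type) {
    if (g->rekeying && type > TRANSPORT_MAX) {
        if (g->nheld == HELD_MAX)
            return -1;
        g->held[g->nheld++] = type;
        return 0;
    }
    if (g->nwire + g->nheld >= WIRE_MAX)  /* leave room for the flush */
        return -1;
    g->wire[g->nwire++] = type;
    if (type == SSH_MSG_KEXINIT) {
        g->rekeying = 1;
    } else if (type == SSH_MSG_NEWKEYS && g->rekeying) {
        g->rekeying = 0;     /* held messages now go out under the new keys */
        for (unsigned i = 0; i < g->nheld; i++)
            g->wire[g->nwire++] = g->held[i];
        g->nheld = 0;
    }
    return 1;
}

int main(void) {
    struct send_gate g = {0};
    /* Constructed sequence: data, start rekey, data (held), KEX message, NEWKEYS */
    uint8_t seq[] = { SSH_MSG_CHANNEL_DATA, SSH_MSG_KEXINIT, SSH_MSG_CHANNEL_DATA,
                      SSH_MSG_KEXDH_INIT, SSH_MSG_NEWKEYS };
    for (unsigned i = 0; i < sizeof seq; i++)
        printf("type %u -> %d\n", (unsigned)seq[i], gate_send(&g, seq[i]));
    return 0;
}
```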


