Re: Some questions about "SSH Transport Layer Encryption Modes"

[Markus Friedl <markus%openbsd.org@localhost>]

On Sat, Oct 18, 2003 at 06:23:25PM -0400, Jeffrey Hutzelman wrote:
>      More application data may be sent after the SSH_MSG_NEWKEYS packet
>      has been sent; key exchange does not affect the protocols that lie
>      above the SSH transport layer.
> 
> That last sentence is _extremely_ ambiguous.  It could be read to mean the 
> behaviour which Markus described, in which application data (and, in fact, 
> anything above the transport layer) is simply suspended until rekeying is 
> complete.  Or, it could be read to mean that application data continues to 
> flow during the rekey.  I think if I were a new SSH implementor, working in 
> a vacuum, I'd read it to mean that higher-layer protocols are _not_ 
> suspended.  So if that's not what we mean, then maybe this needs to be 

but that could result in the higher layer using the
old keying material forever.

> clarified.  Bleah.

I wrote earlier:

> Date: Wed, 4 Apr 2001 12:00:54 +0200
> From: Markus Friedl <Markus.Friedl%informatik.uni-erlangen.de@localhost>
> To: ietf-ssh%netbsd.org@localhost
> Cc: Mats Andersson <mats%mindbright.se@localhost>
> Subject: Re: Key Re-Exchange
> Message-ID: <20010404120054.B28718%faui02.informatik.uni-erlangen.de@localhost>
> References: <Pine.BSO.4.21.0104041024530.30096-100000%mindterm.appgate.com@localhost> <Pine.BSO.4.21.0104041138300.30096-100000%mindterm.appgate.com@localhost>
> In-Reply-To: <Pine.BSO.4.21.0104041138300.30096-100000%mindterm.appgate.com@localhost>; from mats%mindbright.se@localhost on Wed, Apr 04, 2001 at 11:55:40AM +0200
>
>
> I think that the draft should point out that a sender MUST NOT send
> non-KEX messages after he _sent_ a KEXINIT message. he has to delay all
> non-KEX messages until he has sent the NEWKEYS message.
>

I remember a mail from Tatu about this issue, but I
cannot find this right now...