IETF-SSH archive


Re: Some questions about "SSH Transport Layer Encryption Modes"



On Mon, Oct 20, 2003 at 02:43:02PM +0200, Jon Bright wrote:
> Derek Fawcus wrote:
> 
> > Well one problem here is that I believe there is at least one
> > implementation, which does not respond with SSH_MSG_UNIMPLEMENTED
> > to unknown messages.
> 
> I've no direct opinion on the rekeying issue, but I don't believe it's 
> unreasonable to treat such implementations as broken and exclude them 
> from discussions about extensions.

Well,  I'd have to rescan my mailbox to see whose implementation that was.
But as I recall,  he claimed it was done for security reasons...

I do consider that class of "bug" to be different to the bugs in some
implementations that require workarounds in other implementations.

> There is, however, a second point 
> against using SSH_MSG_UNIMPLEMENTED, namely that there's no indication 
> within the message about *which* message was unimplemented.

Well - there is the sequence number...

> Short of 
> keeping buffers of what's been sent and working out which packet is a 
> response to what, which is probably impractical and certainly 
> unpleasant,

Well at the point where I suggested sending it,  there would be a pause
anyway.  It's the initial key exchange.  So it would be relatively easy
to keep a record of which sequence number the unknown message was sent
with,  and hence match up the replay.  i.e. no long list of buffers.

However,  we're anticipating that _this_ message may get a response of
unimplemented.  So we record just the sequence number of _this_ message,
and if an unimplemented message comes back with this sequence number,
we know it's the one we were anticipating.

Moreover,  the initial key exchange would be done without allowing higher
layer messages between the KEXINIT and NEWKEYS.  Thereafter if this
negotiation (for this extension) worked,  one wouldn't have to track
the sequence numbers again.

> it's not possible to use .._UNIMPLEMENTED for implementing 
> extensions anyway.

Huh?  Why not?   I just sketched out one way to do it.  Or are you
stating that it's ugly to do so,  hence we shouldn't.

One has to ask what purpose UNIMPLEMENTED serves if not as an escape
for extensions.

DF
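
The bookkeeping described in the message above, sketched as an added example; it is not part of the original post and not taken from any SSH implementation. It assumes the SSH_MSG_UNIMPLEMENTED layout of a message byte 3 followed by a uint32 sequence number of the rejected packet, and uses a hypothetical probe message number (192) that does not come from the thread.

```python
import struct

SSH_MSG_UNIMPLEMENTED = 3   # payload: byte 3, then uint32 seq of the rejected packet
SSH_MSG_KEXINIT = 20
EXT_PROBE = 192             # hypothetical extension message number (assumption)


class ProbeTracker:
    """Counts outgoing packets and remembers the one probe that may be rejected."""

    def __init__(self):
        self.send_seq = 0           # implicit per-direction counter, first packet is 0
        self.probe_seq = None       # sequence number of the outstanding probe, if any
        self.peer_rejected = False  # set only on a matching SSH_MSG_UNIMPLEMENTED

    def sent(self, payload: bytes) -> int:
        """Call once per packet sent; returns the sequence number it went out with."""
        seq = self.send_seq
        self.send_seq = (self.send_seq + 1) & 0xFFFFFFFF   # wraps at 2**32
        if payload[:1] == bytes([EXT_PROBE]):
            self.probe_seq = seq    # a single integer, no buffer of sent packets
        return seq

    def received(self, payload: bytes) -> str:
        """Classify an incoming payload against the recorded probe."""
        if payload[:1] != bytes([SSH_MSG_UNIMPLEMENTED]):
            return "not-unimplemented"
        if len(payload) != 5:
            return "malformed"      # truncated or padded: do not trust the number
        (rejected_seq,) = struct.unpack(">I", payload[1:5])
        if self.probe_seq is not None and rejected_seq == self.probe_seq:
            self.probe_seq = None
            self.peer_rejected = True
            return "probe-rejected"
        return "other-unimplemented"


def demo():
    """Constructed exchange: KEXINIT goes out as seq 0, the probe as seq 1."""
    t = ProbeTracker()
    t.sent(bytes([SSH_MSG_KEXINIT]) + b"constructed")
    probe_seq = t.sent(bytes([EXT_PROBE]))
    return [
        probe_seq,
        t.received(struct.pack(">BI", SSH_MSG_UNIMPLEMENTED, 7)),   # some other packet
        t.received(bytes([SSH_MSG_UNIMPLEMENTED, 0, 0])),           # short payload
        t.received(struct.pack(">BI", SSH_MSG_UNIMPLEMENTED, probe_seq)),
        t.peer_rejected,
    ]
```

A peer that never answers unknown messages, the case raised at the start of the thread, leaves `probe_seq` set and `peer_rejected` false, so the tracker does not read silence as acceptance.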


