IETF-SSH archive


data during rekey?



transport-17 says that

   Implementations MUST NOT accept any other messages after key exchange
   before receiving SSH_MSG_NEWKEYS.

But what about _during_ key exchange?  That is, after KEXINIT but
before the last message of the key exchange?  Must all packets from
KEXINIT through NEWKEYS be transport layer, or is it permissible to
exchange higher-layer packets during that interval?  (Obviously this
can't be done for the first key exchange, but it makes sense when
rekeying.)

Also, when the draft says that an implementation mustn't "accept"
messages, what should it do if any are received?  Silently drop them?
Or is this a protocol error on the part of the host who sent them, to
be treated however the receiver handles protocol errors?

I'll be happy to write the new text for the draft, once I know what it
should say. :-)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
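The question above turns on which message types may legally cross the wire between KEXINIT and NEWKEYS, and on what a receiver should do with anything else. As an added illustration, not part of the original message and not taken from any SSH implementation, here is a Python gate for one side of a connection. It encodes the sending rule that RFC 4253 section 7.1 eventually adopted for this interval (transport-generic messages 1 to 19 except SERVICE_REQUEST and SERVICE_ACCEPT, algorithm-negotiation messages 20 to 29 except a further KEXINIT, and key-exchange-method messages 30 to 49), applies the same set to incoming packets between the peer's KEXINIT and its NEWKEYS, queues rather than drops outbound higher-layer data until the local NEWKEYS has gone out, and treats an out-of-place incoming packet as a protocol error that ends the connection. Mirroring the rule onto the receive side and choosing disconnect over silent drop are this example's assumptions, not something the draft text decides; the class and function names are invented for the illustration.

```python
from enum import Enum, auto

# Message numbers from RFC 4253 (transport) and RFC 4254 (connection).
SSH_MSG_DISCONNECT = 1
SSH_MSG_IGNORE = 2
SSH_MSG_DEBUG = 4
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_SERVICE_ACCEPT = 6
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_KEXDH_INIT = 30
SSH_MSG_KEXDH_REPLY = 31
SSH_MSG_CHANNEL_DATA = 94

SSH_DISCONNECT_PROTOCOL_ERROR = 2   # RFC 4253 section 11.1 reason code


def allowed_during_kex(msg_type: int) -> bool:
    """Types a side may emit between its KEXINIT and its NEWKEYS (RFC 4253 7.1)."""
    if msg_type in (SSH_MSG_SERVICE_REQUEST, SSH_MSG_SERVICE_ACCEPT, SSH_MSG_KEXINIT):
        return False
    return 1 <= msg_type <= 49


class Phase(Enum):
    IDLE = auto()   # no key exchange in progress in this direction
    KEX = auto()    # KEXINIT seen in this direction, NEWKEYS not yet


class RekeyGate:
    """Tracks the rekey phase separately for the send and receive directions.

    Constructed example: the names and the disconnect-on-violation policy
    are assumptions of this illustration, not of the draft."""

    def __init__(self) -> None:
        self.send_phase = Phase.IDLE
        self.recv_phase = Phase.IDLE
        self.outbound_queue: list = []   # higher-layer packets held until rekey ends
        self.disconnect_reason = None

    def send(self, msg_type: int, payload: bytes = b"") -> bool:
        """Return True if the packet may go on the wire now.

        Higher-layer packets offered while our KEXINIT is outstanding are
        queued, not dropped; drain() releases them after our NEWKEYS."""
        if msg_type == SSH_MSG_KEXINIT:
            if self.send_phase is Phase.KEX:
                raise ValueError("a second KEXINIT before NEWKEYS is not permitted")
            self.send_phase = Phase.KEX
            return True
        if self.send_phase is Phase.KEX and not allowed_during_kex(msg_type):
            self.outbound_queue.append((msg_type, payload))
            return False
        if msg_type == SSH_MSG_NEWKEYS:
            self.send_phase = Phase.IDLE
        return True

    def drain(self) -> list:
        """Hand back queued packets once our NEWKEYS has been sent."""
        if self.send_phase is not Phase.IDLE:
            return []
        queued, self.outbound_queue = self.outbound_queue, []
        return queued

    def receive(self, msg_type: int) -> str:
        """Classify an incoming packet as 'transport', 'deliver' or 'protocol_error'."""
        if self.disconnect_reason is not None:
            return "protocol_error"          # connection already torn down
        if msg_type == SSH_MSG_KEXINIT:
            if self.recv_phase is Phase.KEX:
                return self._fail()          # peer sent a second KEXINIT
            self.recv_phase = Phase.KEX
            return "transport"
        if self.recv_phase is Phase.KEX:
            if not allowed_during_kex(msg_type):
                return self._fail()          # e.g. CHANNEL_DATA mid-rekey
            if msg_type == SSH_MSG_NEWKEYS:
                self.recv_phase = Phase.IDLE
            return "transport"
        if msg_type == SSH_MSG_NEWKEYS:
            return self._fail()              # NEWKEYS with no exchange in progress
        return "transport" if msg_type <= 49 else "deliver"

    def _fail(self) -> str:
        self.disconnect_reason = SSH_DISCONNECT_PROTOCOL_ERROR
        return "protocol_error"
```

Keeping the two directions in separate phases matters for rekeying: a side that has already sent its NEWKEYS can still be waiting for the peer's, and a channel packet may be legitimately queued on the send side while the same type arriving from the peer mid-exchange is a violation.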


