Re: Pending OpenSSH release: contains Kerberos/GSSAPI changes

[Sam Hartman <hartmans%mit.edu@localhost>]

I'd prefer client MAY mutual auth rather than client SHOULD NOT mutual
auth.

If the server does not implement gss-keyex then a sufficiently clever
client can get some of the benefits of gss-keyex in some situations by
requesting mutual.