IETF-SSH archive


implicit authentication and waiting for service request response



I find the below wording still confusing.

What's the idea of waiting for the server's response to the service request?
What is it for? If the server has already proven that it knows the shared
secret K by sending a corresponding MAC, which the client has, if I assume
correctly, verified - what gives? Why the "MUST" wait for the response to
the service request?

I'm probably lacking background here to understand this, but if I lack the
background after working in SSH for years, this will also be a mystery to
new implementors. I'd like this to be clear and explicit enough at least for
me to understand it.


:    A key exchange method uses "explicit server authentication" if the
:    key exchange messages include a signature or other proof of the
:    server's authenticity.  A key exchange method uses "implicit server
:    authentication" if, in order to prove its authenticity, the server
:    also has to prove that it knows the shared secret K, by sending a
:    message and a corresponding MAC which the client can verify. [1]
: 
:    The key exchange method defined by this document uses explicit server 
:    authentication.  However, key exchange methods with implicit server
:    authentication MAY be used with this protocol.  After a key exchange
:    with implicit server authentication, the client MUST wait for
:    response to its service request message before sending any further
:    data.
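
The rule in the quoted draft text, sketched as an added example (not part of the original message or of the draft): a client that has finished a key exchange with implicit server authentication withholds further data until a MAC-verified response to its service request arrives. The class name, the simplified MAC-key derivation, HMAC-SHA256, the sequence number starting at 0 and the sample secret are assumptions made for illustration, not SSH's real packet format.

```python
import hashlib
import hmac
import struct

SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_SERVICE_ACCEPT = 6
TAG_LEN = 32  # HMAC-SHA256 output size

def mac_key(shared_secret: bytes) -> bytes:
    # Assumption: simplified stand-in for the real SSH key derivation from K.
    return hashlib.sha256(b"s2c-mac" + shared_secret).digest()

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Return payload || HMAC(key, seq || payload)."""
    tag = hmac.new(key, struct.pack(">I", seq) + payload, hashlib.sha256).digest()
    return payload + tag

class ImplicitAuthClient:
    """Hypothetical client state after an implicitly authenticated key exchange."""

    def __init__(self, shared_secret: bytes):
        self._key = mac_key(shared_secret)
        self._seq = 0                      # server-to-client sequence number
        self.server_authenticated = False  # no proof of K seen yet
        self.sent = []

    def request_service(self, name: bytes) -> bytes:
        return bytes([SSH_MSG_SERVICE_REQUEST]) + struct.pack(">I", len(name)) + name

    def receive(self, packet: bytes) -> None:
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = seal(self._key, self._seq, payload)[-TAG_LEN:]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC check failed: peer has not shown it knows K")
        self._seq += 1
        if payload[:1] == bytes([SSH_MSG_SERVICE_ACCEPT]):
            self.server_authenticated = True  # first verified proof of K

    def send_data(self, data: bytes) -> None:
        if not self.server_authenticated:
            raise RuntimeError("no verified response to the service request yet")
        self.sent.append(data)

if __name__ == "__main__":
    K = b"constructed shared secret"  # constructed sample value
    client = ImplicitAuthClient(K)
    client.request_service(b"ssh-userauth")
    accept = bytes([SSH_MSG_SERVICE_ACCEPT]) + struct.pack(">I", 12) + b"ssh-userauth"
    client.receive(seal(mac_key(K), 0, accept))
    client.send_data(b"first data after the verified response")
```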



