timing of banner

To: <ietf-ssh%NetBSD.org@localhost>
Subject: timing of banner
From: "denis bider" <ietf-ssh%denisbider.com@localhost>
Date: Wed, 19 Jan 2005 04:08:09 +0100

In [SSH-USERAUTH], I suggest the following clarification:

Now:

   The SSH server may send a SSH_MSG_USERAUTH_BANNER message at any time
before authentication is successful.

Suggested (short and sufficient):

   The SSH server may send a SSH_MSG_USERAUTH_BANNER message at any time
after this authentication protocol starts and before authentication is
successful.

Alternative (longer and more informative):

   The SSH server may send a SSH_MSG_USERAUTH_BANNER message at any time
before authentication is successful.  Note however that, like other message
types defined in this document, this message is part of the authentication
protocol, so it also MUST NOT be sent before the authentication protocol is
requested.

Rationale: 

   From the current wording, superficial implementors, which more frequently
than not fail to differentiate between SSH protocol layers, may conclude
that it is OK to send the BANNER message even before the service request for
"ssh-userauth" has been received. My clarification aims to prevent this
misinterpretation and to affirm that, since the BANNER message is part of
the ssh-userauth protocol, it is incorrect to send it before the
ssh-userauth layer is started. This helps implementors which implement SSH
layers separately, thus encountering difficulties when boundaries between
layers are incorrectly breached.

denis

Follow-Ups:
- Re: timing of banner
  - From: Chris Lonvick

Prev by Date: RE: UTF8
Next by Date: Re: UTF8
Previous by Thread: Channel window limits
Next by Thread: Re: timing of banner
Indexes:

Home | Main Index | Thread Index | Old Index