Re: draft-harris-ssh-rsa-kex-01

To: ietf-ssh%netbsd.org@localhost
Subject: Re: draft-harris-ssh-rsa-kex-01
From: Ben Harris <bjh21%bjh21.me.uk@localhost>
Date: Tue, 03 May 2005 12:00:53 +0100

In article <200505030918.FAA10846%Sparkle.Rodents.Montreal.QC.CA@localhost> you write:
>I was just working on implementing draft-harris-ssh-rsa-kex-01, and I
>ran into a question.
>
>Everything is clear for the first kex.  But what about re-keying?  Is
>the server reusing the same K_T as for a previous kex a MUST, SHOULD,
>MAY, SHOULD NOT, or MUST NOT?

My intention was that different key exchanges (whether in the same or
different sessions) SHOULD use different RSA keys, largely so as to limit
that number of session keys that an attacker gains access to by cracking a
single RSA key.  I seem to have forgotten to actually write that down
anywhere, though.  I'll fix that in -02.

This does make rekeying a bit of a pain for a single-threaded (or rather,
single-thread-per-session) server, but that's why it's a SHOULD.

-- 
Ben Harris

Follow-Ups:
- Re: draft-harris-ssh-rsa-kex-01
  - From: der Mouse

References:
- draft-harris-ssh-rsa-kex-01
  - From: der Mouse

Prev by Date: draft-harris-ssh-rsa-kex-01
Next by Date: Re: draft-harris-ssh-rsa-kex-01
Previous by Thread: draft-harris-ssh-rsa-kex-01
Next by Thread: Re: draft-harris-ssh-rsa-kex-01
Indexes:

Home | Main Index | Thread Index | Old Index