IETF-SSH archive


Re: draft-harris-ssh-rsa-kex-01



In article <200505030918.FAA10846%Sparkle.Rodents.Montreal.QC.CA@localhost> you write:
>I was just working on implementing draft-harris-ssh-rsa-kex-01, and I
>ran into a question.
>
>Everything is clear for the first kex.  But what about re-keying?  Is
>the server reusing the same K_T as for a previous kex a MUST, SHOULD,
>MAY, SHOULD NOT, or MUST NOT?

My intention was that different key exchanges (whether in the same or
different sessions) SHOULD use different RSA keys, largely so as to limit
the number of session keys that an attacker gains access to by cracking a
single RSA key.  I seem to have forgotten to actually write that down
anywhere, though.  I'll fix that in -02.

This does make rekeying a bit of a pain for a single-threaded (or rather,
single-thread-per-session) server, but that's why it's a SHOULD.

-- 
Ben Harris
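
One way a server could follow the SHOULD above without stalling on re-key is to generate transient keys ahead of time and hand each one out once. This is an added example, not code from the post or the draft; the names `transientKeyPool`, `take` and `distinctModuli`, the 2048-bit key size and the pool depth of 2 are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// transientKeyPool holds RSA key pairs generated ahead of time, one per kex.
type transientKeyPool struct{ ready chan *rsa.PrivateKey }

// newTransientKeyPool starts a background generator so a (re-)key exchange
// does not wait on key generation. bits and depth are example choices.
func newTransientKeyPool(bits, depth int) *transientKeyPool {
	p := &transientKeyPool{ready: make(chan *rsa.PrivateKey, depth)}
	go func() {
		defer close(p.ready) // closed only if key generation fails
		for {
			k, err := rsa.GenerateKey(rand.Reader, bits)
			if err != nil {
				return
			}
			p.ready <- k // blocks while the pool is full
		}
	}()
	return p
}

// take hands each key out exactly once; the caller discards it after the kex.
func (p *transientKeyPool) take() (*rsa.PrivateKey, bool) {
	k, ok := <-p.ready
	return k, ok
}

// distinctModuli runs n simulated key exchanges and counts distinct moduli.
func distinctModuli(p *transientKeyPool, n int) int {
	seen := make(map[string]bool)
	for i := 0; i < n; i++ {
		k, ok := p.take()
		if !ok {
			break
		}
		seen[k.N.String()] = true
	}
	return len(seen)
}

func main() {
	fmt.Println(distinctModuli(newTransientKeyPool(2048, 2), 3))
}
```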


