IETF-SSH archive


Re: draft-harris-ssh-rsa-kex-03



In article <Pine.SOC.4.61.0507161620210.5824%libra.cus.cam.ac.uk@localhost> you write:
>Yet another RSA KEX draft has made it into the repository.  I hope this
>represents the final version of the protocol (apart from moving its name
>into the IETF namespace if it becomes an RFC), though probably not of the
>document.  This version:
>
>1: goes back to using SHA-256 with 2048-bit RSA keys, since SHA-512 is
>    ludicrously slow.
>
>2: has the server send its host key to the client in SSH_MSG_KEXRSA_PUBKEY
>    rather than in SSH_MSG_KEXRSA_DONE.  This prevents the server
>    manipulating the exchange hash input by changing its public key.
>
>I hope you like it.
>
><http://www.ietf.org/internet-drafts/draft-harris-ssh-rsa-kex-03.txt>
>
>-- 
>Ben Harris

Of course, saying that was a good way to expose silly mistakes like, for
instance, having SSH_MSG_RSAKEX_PUBKEY containing K_T||K_S and the exchange
hash including K_S||K_T.  This isn't a security hole, but it's going to
confuse implementors, so there'll be a -04 in August that changes the order
of SSH_MSG_RSAKEX_PUBKEY.  Sorry about that.

-- 
Ben Harris
