IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: applying AES-GCM to secure shell: proposed "tweak"



> Given that key exchange is not retriable I think the best thing to do
> is to ignore [the currently-0 last field of SSH_MSG_KEXNIIT] and
> always place a zero there until we define its meaning.  That will
> allow us to use it to negotiate new features when both the client and
> server advertise them (non-zero values).

Not without breaking interoperability with existing implementations
that check that the field is zero.

Or do you maintain that there are no such?  Or that interoperability
with them doesn't matter?  I find the latter severely busted and the
former unlikely, especially since the spec does not even suggest, much
less specify, behaviour for an implementation which encounters a value
for that field that it doesn't understand.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B



Home | Main Index | Thread Index | Old Index