Protocol ambiguity: want_reply vs CHANNEL_CLOSE

To: ietf-ssh%netbsd.org@localhost
Subject: Protocol ambiguity: want_reply vs CHANNEL_CLOSE
From: Simon Tatham <anakin%pobox.com@localhost>
Date: Fri, 04 Apr 2014 10:58:47 +0100

I think this list still reaches a reasonable number of SSH
implementors. I'd like to see if we can get a consensus on the
following problem.

Suppose two SSH implementations have a channel open between them.
Party A sends an SSH_MSG_CHANNEL_REQUEST of some kind, with the
want_reply flag set. Party B, meanwhile, independently decides to
initiate shutdown of the channel, and sends SSH_MSG_CHANNEL_CLOSE.
These two messages cross in the network, so that B receives the
channel request after it's already sent a close message for that
channel.

Should B send a reply?

I think you can argue it either way from the spec. RFC 4254 section
5.4 says that channel requests must be replied to if they have
want_reply set, and doesn't make any exception for channels in the
middle of closing, which supports the answer 'yes'. Then again,
section 5.3 says that after a party has both sent and received CLOSE,
the channel is defunct and its number can be reused, which supports
the answer 'no' (because, if B does reply, what if that reply crosses
with A's responding close message? Then B's reply would arrive at A
after A has both sent and received CLOSE).

So I think this is a genuine ambiguity in the RFC. Moreover, I've
observed SSH servers disagreeing on whether to reply, which makes it
fiddly to implement a policy at the request-sending end that handles
both kinds of server.

Would anyone like to state an opinion on what ought to happen about
this? I can think of two reasonably sensible options:

 (a) Issue a clarifying RFC that resolves the ambiguity by designating
     one or other behaviour as correct, and consider implementations
     doing the other thing to have a bug requiring a fix.

 (b) Issue an RFC specifying a protocol extension that allows an
     implementation to advertise which interpretation it will follow
     (since either behaviour is easy to cope with if you know which
     one you're talking to). I suppose we'd still have to decide on
     the default answer in the absence of such an advertisement.

Cheers,
Simon
-- 
Simon Tatham         "The distinction between the enlightened and the
<anakin%pobox.com@localhost>    terminally confused is only apparent to the latter."

Follow-Ups:
- Re: Protocol ambiguity: want_reply vs CHANNEL_CLOSE
  - From: Damien Miller
- Re: Protocol ambiguity: want_reply vs CHANNEL_CLOSE
  - From: Niels Möller
- Re: Protocol ambiguity: want_reply vs CHANNEL_CLOSE
  - From: Matt Johnston

Prev by Date: Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx
Next by Date: Re: Protocol ambiguity: want_reply vs CHANNEL_CLOSE
Previous by Thread: Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx
Next by Thread: Re: Protocol ambiguity: want_reply vs CHANNEL_CLOSE
Indexes:

Home | Main Index | Thread Index | Old Index