IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
denis bider <ietf-ssh3%denisbider.com@localhost> writes:
> It seems to me that SSH needs a proper extension mechanism to avoid
> version-string-based hacks and other kinds of hacks.
Maybe. But please don't mix that up with the simpler issue of algorithm
updates.
> - Does not make signature algorithm information available in time for
> the client's first user auth request. This costs a round-trip if the
> client's first guess is incorrect.
Note that's what relevant for public key user auth isn't really the
algorithms supported by the server, but the algorithms of the keys which
are actually authorized for login. It makes some sense to filter
available keys depending on what the server supports, but I don't think
it will make much of a practical difference.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
Home |
Main Index |
Thread Index |
Old Index