Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation

To: denis bider <ietf-ssh3%denisbider.com@localhost>
Subject: Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: Fri, 13 Nov 2015 09:16:28 +0100

denis bider <ietf-ssh3%denisbider.com@localhost> writes:

> It seems to me that SSH needs a proper extension mechanism to avoid
> version-string-based hacks and other kinds of hacks.

Maybe. But please don't mix that up with the simpler issue of algorithm
updates.

> - Does not make signature algorithm information available in time for
> the client's first user auth request. This costs a round-trip if the
> client's first guess is incorrect.

Note that's what relevant for public key user auth isn't really the
algorithms supported by the server, but the algorithms of the keys which
are actually authorized for login. It makes some sense to filter
available keys depending on what the server supports, but I don't think
it will make much of a practical difference.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

References:
- Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
  - From: denis bider

Prev by Date: Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
Next by Date: Re: DH group exchange (Re: SSH key algorithm updates)
Previous by Thread: Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
Next by Thread: Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
Indexes:

Home | Main Index | Thread Index | Old Index