IETF-SSH archive
RE: [saag] potential new wg - curdle...
Mark D. Baushke <mdb%juniper.net@localhost> writes:
>I am not sure that first_kex_packet_follows would guess properly because the
>first listed algorithm must be the same on both sides and I am not sure that
>will be true very often given the number of different host key algorithms
>that exist.
How widely is first_kex_packet_follows used in practice? That's another thing
I'd like to see deprecated in any future changes (see the SimpleSSH proposal I
mentioned a week or so back), it vastly complicates the handshake when you
have to guess at things and potentially roll back to the previous state and
try again. Best-case if you've got identical, identically-configured
implementations at both ends you save a whole RTT, but more common case you
have a lot of extra complexity and overhead as you roll back from the
incorrectly-guessed keyex and try again.
Peter.
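
Added example, not part of the original message: a simplified Python model of the RFC 4253 section 7 rule for deciding whether a first_kex_packet_follows guess was right, showing the case from the quoted text where both sides support the same algorithms but list a different host key algorithm first. The class and function names and the sample algorithm lists are constructed for illustration.

```python
# Added illustration (not from the thread): RFC 4253 section 7 guess rule.
# Simplified: one cipher and one MAC list instead of per-direction lists,
# and no host-key/kex compatibility conditions.
from dataclasses import dataclass

@dataclass
class KexInit:
    kex: list
    host_key: list
    ciphers: list
    macs: list
    first_kex_packet_follows: bool = False

def negotiate(client_list, server_list):
    """Return the first name on the client's list the server also lists."""
    return next((n for n in client_list if n in server_list), None)

def guess_is_right(client, server):
    """Wrong if the preferred kex or host key differ, or if any other
    algorithm cannot be agreed on."""
    if client.kex[0] != server.kex[0] or client.host_key[0] != server.host_key[0]:
        return False
    return (negotiate(client.ciphers, server.ciphers) is not None
            and negotiate(client.macs, server.macs) is not None)

def handle_peer_kexinit(mine, peer, i_am_client):
    """Decide what to do once the peer's KEXINIT has arrived."""
    client, server = (mine, peer) if i_am_client else (peer, mine)
    right = guess_is_right(client, server)
    return {
        "kex": negotiate(client.kex, server.kex),
        "host_key": negotiate(client.host_key, server.host_key),
        # A wrongly guessed packet from the peer must be silently ignored.
        "ignore_next_packet": peer.first_kex_packet_follows and not right,
        # Our own optimistic packet was wasted; redo the exchange.
        "resend_own_kex_packet": mine.first_kex_packet_follows and not right,
    }

# Constructed sample: both sides share every algorithm, but the server lists
# a different host key algorithm first, so the client's guess is wrong.
CLIENT = KexInit(["curve25519-sha256", "diffie-hellman-group14-sha256"],
                 ["ssh-ed25519", "rsa-sha2-512"],
                 ["aes128-ctr"], ["hmac-sha2-256"], first_kex_packet_follows=True)
SERVER = KexInit(["curve25519-sha256", "diffie-hellman-group14-sha256"],
                 ["rsa-sha2-512", "ssh-ed25519"],
                 ["aes128-ctr"], ["hmac-sha2-256"])

if __name__ == "__main__":
    print(handle_peer_kexinit(SERVER, CLIENT, i_am_client=False))
```

The server must keep track of the "ignore the next packet" state across the KEXINIT exchange, and the client must discard its own key exchange state and start over, which is the rollback the message refers to.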