IETF-SSH archive


Re: Feedback on draft-ssh-ext-info-00



Appreciated. That looks like a good thing to have, I will request that we implement this.


Damien Miller <djm%mindrot.org@localhost> , 12/3/2015 4:08 AM:
On Thu, 3 Dec 2015, denis bider wrote:

> Another possible way to use the key exchange algorithms field for an
> extension in parallel with EXT_INFO might be to change the way SSH host key
> algorithms are negotiated, for example. The current negotiation rules have
> serious drawbacks, not least that the client has no way of learning the SSH
> server's other host keys if it already trusts one.

You might be interested in:

https://anongit.mindrot.org/openssh.git/tree/PROTOCOL?id=f0191d7c8#n284

Hostkey rotation within the current protocol with no messing around
with KEXINIT.

-d

