IETF-SSH archive


Re: Feedback on draft-ssh-ext-info-00



Damien Miller <djm%mindrot.org@localhost> writes:

>> But but but I waaaant to replace this awful SSH_MSG_SERVICE_REQUEST. :)
>> 
>> Does no one agree that SERVICE_REQUEST + ACCEPT are pointless?
>>
>> A whole round-trip delay? For no benefit - in any known usage
>> scenario?

I think the entire point of the "awful" design, where you don't get a
second chance, just a disconnect in case the service isn't available, is
to eliminate that roundtrip delay.

You can send a service request for "ssh-userauth", followed back-to-back
by userauth requests for "none", PK_OK, whatever querying you like. And
one roundtrip later, you can compute the needed signature for a
likely successful publickey userauth request.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
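
Added example, not part of the message above: the unencrypted payloads of the client flight the reply describes (service request, then a "none" request and a publickey query sent back-to-back), plus the RFC 4252 signature input the client can compute one round trip later. The user name, the all-zero ssh-ed25519 key and the all-zero session id are constructed placeholders; binary packet framing, encryption and MAC are left out.

```python
import struct

# Message numbers from RFC 4253 (transport) and RFC 4252 (userauth).
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_USERAUTH_REQUEST = 50

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def service_request(service: bytes) -> bytes:
    return bytes([SSH_MSG_SERVICE_REQUEST]) + ssh_string(service)

def userauth_request(user: bytes, method: bytes, fields: bytes = b"") -> bytes:
    # The service named here is the one to start after authentication.
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user)
            + ssh_string(b"ssh-connection") + ssh_string(method) + fields)

def publickey_fields(has_sig: bool, alg: bytes, blob: bytes) -> bytes:
    # boolean FALSE is a query only; an acceptable key is answered
    # with SSH_MSG_USERAUTH_PK_OK.
    return bytes([1 if has_sig else 0]) + ssh_string(alg) + ssh_string(blob)

def first_flight(user: bytes, alg: bytes, blob: bytes) -> list:
    """Payloads written back-to-back, without waiting for SERVICE_ACCEPT."""
    return [
        service_request(b"ssh-userauth"),
        userauth_request(user, b"none"),
        userauth_request(user, b"publickey",
                         publickey_fields(False, alg, blob)),
    ]

def data_to_sign(session_id: bytes, user: bytes, alg: bytes, blob: bytes) -> bytes:
    """Signature input (RFC 4252 section 7), built once the replies arrive."""
    return ssh_string(session_id) + userauth_request(
        user, b"publickey", publickey_fields(True, alg, blob))

# Constructed sample values (placeholders, not real key material).
USER = b"alice"
ALG = b"ssh-ed25519"
BLOB = ssh_string(ALG) + ssh_string(bytes(32))
SESSION_ID = bytes(32)

if __name__ == "__main__":
    for payload in first_flight(USER, ALG, BLOB):
        print(payload[0], payload.hex())
```
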


