IETF-SSH archive


Re: Feedback on draft-ssh-ext-info-00



Point taken. You are probably right.


Niels Möller <nisse%lysator.liu.se@localhost> , 12/3/2015 10:59 AM:
Regarding sending SERVICE_REQUEST and userauth messages back-to-back,

denis bider <ietf-ssh3%denisbider.com@localhost> writes:

> I'm not sure that we have a guarantee that the server must properly
> handle this chaining.

Have you seen any implementations broken in this way?

I'd expect any reasonable server to process incoming messages properly,
and in case it for some reason isn't ready to process the next logical
message, simply delay reading and processing messages until it is ready.

After all, the protocol is very intentionally designed to minimize the
number of roundtrip delays.

> One would imagine people would not do this, but I've dealt with an
> implementation that discards KEXINIT if it's received in the same
> network frame as the SSH version string.

I think that's a different bug, and not very relevant. That's the point
where you switch from new-line-delimited text data to the binary data,
which needs some care to get right.

Regards,
/Niels

--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
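
The switch from the newline-delimited version string to binary packets, mentioned in the thread above, shown as an added example that is not part of either message or of any implementation discussed here: a reader that keeps one receive buffer across the switch, so a KEXINIT arriving in the same network frame as the version string is not lost. The names `PreambleReader` and `build_packet`, the version string `SSH-2.0-Example_1.0` and the sample KEXINIT are constructed for illustration; packets are unencrypted, as they are before the first key exchange completes.

```python
import struct

SSH_MSG_KEXINIT = 20   # RFC 4253, section 12
MAX_PACKET = 35000     # sanity bound (assumption), cf. RFC 4253 section 6.1

class PreambleReader:
    """Identification line, then unencrypted binary packets, from ONE buffer."""
    def __init__(self):
        self.buf = bytearray()
        self.version = None

    def feed(self, data):
        """Append received bytes and return the events that are now complete."""
        self.buf += data
        events = []
        while self.version is None:
            nl = self.buf.find(b"\n", 0, 255)   # line is at most 255 bytes with CR LF
            if nl < 0:
                if len(self.buf) >= 255:
                    raise ValueError("identification line too long")
                return events
            line = bytes(self.buf[:nl]).rstrip(b"\r")
            # Consume this line only. Whatever follows the LF stays buffered:
            # it may already be the peer's KEXINIT from the same TCP segment.
            del self.buf[:nl + 1]
            if line.startswith(b"SSH-"):        # other lines may precede the version
                self.version = line.decode("ascii")
                events.append(("version", self.version))
        while len(self.buf) >= 5:
            pkt_len, pad_len = struct.unpack(">IB", self.buf[:5])
            if not pad_len + 1 <= pkt_len <= MAX_PACKET:
                raise ValueError("bad packet length")
            if len(self.buf) < 4 + pkt_len:
                break                           # wait for the rest of the packet
            payload = bytes(self.buf[5:4 + pkt_len - pad_len])
            del self.buf[:4 + pkt_len]
            events.append(("packet", payload[0] if payload else None, payload))
        return events

def build_packet(payload, block=8):
    """Frame a payload as an unencrypted packet (constructed test input, zero padding)."""
    pad_len = block - (5 + len(payload)) % block
    if pad_len < 4:
        pad_len += block
    return struct.pack(">IB", 1 + len(payload) + pad_len, pad_len) + payload + bytes(pad_len)

# Constructed sample: version string and KEXINIT (empty name-lists) in one chunk.
KEXINIT = bytes([SSH_MSG_KEXINIT]) + bytes(16) + bytes(40) + bytes(5)
STREAM = b"SSH-2.0-Example_1.0\r\n" + build_packet(KEXINIT)

if __name__ == "__main__":
    print(PreambleReader().feed(STREAM))
```

The same events come out whether the bytes arrive in one read or one byte at a time, because nothing read past the line terminator is ever thrown away.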

