IETF-SSH archive


RE: Feedback on draft-ssh-ext-info-00



Damien Miller <djm%mindrot.org@localhost> writes:

>I'll repeat my opinion: an extension mechanism is not the place to
>fundamentally retcon parts of the protocol. 

Why not?  I would have thought that's what it was there for.  TLS has been
using extensions to fix protocol problems for years without any real problems.
Taking one case that I'm pretty familiar with, the encrypt-then-MAC extension,
the impact was very minimal, you add an entry to an extension en/decoding
table, and then have a boolean flag to swap the order of calls to encrypt and
MAC routines.  It was, I dunno, maybe a dozen lines of code and an hour's work
to fix a problem that had been plaguing the protocol for at least fifteen
years.  It's a really easy way to fix issues in the protocol, I just wish SSH
had had an extension mechanism of the kind that Denis is working on a long
time ago.

Peter.
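The change Peter describes, an extension-table entry plus a boolean that swaps the order of the encrypt and MAC calls, worked through as an added example; this is not code from the thread, from OpenSSH, or from the draft. The extension name in the table is a placeholder, the cipher is a constructed HMAC-SHA256 counter keystream standing in for a real cipher so the block runs on the standard library alone, and the sequence-number prefix follows SSH's habit of MACing the packet sequence number along with the data. The `trace` list is only there to make the order of operations visible.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag length

# Hypothetical extension table: extension name -> the connection flag it switches on.
# The name is a placeholder for illustration, not a registered extension.
EXTENSION_TABLE = {
    "encrypt-then-mac-example": "etm",
}


def negotiate(local_offer, peer_offer):
    """A flag is set only when both sides advertised the extension that owns it."""
    flags = {flag: False for flag in EXTENSION_TABLE.values()}
    for name in local_offer:
        if name in EXTENSION_TABLE and name in peer_offer:
            flags[EXTENSION_TABLE[name]] = True
    return flags


def _keystream(enc_key, nonce, length):
    """Constructed stand-in cipher: HMAC-SHA256 in counter mode (not for real use)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac(mac_key, seqno, data):
    # SSH-style: the 32-bit packet sequence number is MACed together with the data,
    # so a replayed or reordered packet fails verification.
    return hmac.new(mac_key, seqno.to_bytes(4, "big") + data, hashlib.sha256).digest()


def seal(enc_key, mac_key, nonce, seqno, plaintext, etm, trace=None):
    """Build one packet body; `etm` is the boolean that the extension sets."""
    trace = trace if trace is not None else []
    stream = _keystream(enc_key, nonce, len(plaintext))
    if etm:
        ciphertext = _xor(plaintext, stream)
        trace.append("encrypt")
        tag = _mac(mac_key, seqno, ciphertext)   # tag covers the ciphertext
        trace.append("mac")
    else:
        tag = _mac(mac_key, seqno, plaintext)    # SSH's original order: tag covers the plaintext
        trace.append("mac")
        ciphertext = _xor(plaintext, stream)
        trace.append("encrypt")
    return ciphertext + tag


def open_packet(enc_key, mac_key, nonce, seqno, packet, etm, trace=None):
    """Undo seal(); raises ValueError on any tag mismatch."""
    trace = trace if trace is not None else []
    if len(packet) < TAG_LEN:
        raise ValueError("packet too short")
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    stream = _keystream(enc_key, nonce, len(body))
    if etm:
        # Encrypt-then-MAC: verify first, so unauthenticated bytes never reach the decryptor.
        trace.append("verify")
        if not hmac.compare_digest(tag, _mac(mac_key, seqno, body)):
            raise ValueError("bad MAC")
        trace.append("decrypt")
        return _xor(body, stream)
    # Original order: the tag covers plaintext, so decryption has to run before verification.
    plaintext = _xor(body, stream)
    trace.append("decrypt")
    trace.append("verify")
    if not hmac.compare_digest(tag, _mac(mac_key, seqno, plaintext)):
        raise ValueError("bad MAC")
    return plaintext


if __name__ == "__main__":
    enc_key, mac_key, nonce = b"k" * 32, b"m" * 32, b"n" * 8   # constructed keys
    flags = negotiate(["encrypt-then-mac-example"], ["encrypt-then-mac-example"])
    order = []
    packet = seal(enc_key, mac_key, nonce, 1, b"SSH_MSG_IGNORE", flags["etm"], order)
    print("seal order:", order, "packet bytes:", len(packet))
    order = []
    print(open_packet(enc_key, mac_key, nonce, 1, packet, flags["etm"], order), order)
```

The receiver side is where the ordering matters: with the flag on, a forged or corrupted packet is rejected before a single byte of it is decrypted, whereas in the original order the decryptor necessarily runs on unverified input.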


