IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
RE: Feedback on draft-ssh-ext-info-00
Damien Miller <djm%mindrot.org@localhost> writes:
>I'll repeat my opinion: an extension mechanism is not the place to
>fundamentally retcon parts of the protocol.
Why not? I would have thought that's what it was there for. TLS has been
using extensions to fix protocol problems for years without any real problems.
Taking one case that I'm pretty familiar with, the encrypt-then-MAC extension,
the impact was very minimal, you add an entry to an extension en/decoding
table, and then have a boolean flag to swap the order of calls to encrypt and
MAC routines. It was, I dunno, maybe a dozen lines of code and a hour's work
to fix a problem that had been plagueing the protocol for at least fifteen
years. It's a really easy way to fix issues in the protocol, I just wish SSH
had had an extension mechanism of the kind that Denis is working on a long
time ago.
Peter.
Home |
Main Index |
Thread Index |
Old Index