IETF-SSH archive


Rekey issue



I've just tripped over an issue in my implementation and I was
wondering what people think the rightest behaviour is and/or what other
implementations do.

The problematic behaviour is: user connects to a host and accepts the
host key for this session only (ie, without recording it anywhere
permanent).  Then, on rekey, the client once again finds the host key
unlisted and wants user confirmation of its acceptability.

I can see at least three ways of dealing with this: (1) when rekeying,
always accept the host key regardless of what it is, (2) when rekeying,
require that the host key be what it was the first time around, always
accepting if it is and erroring if not, and (3) when rekeying, behave
as normal except that a second copy of the host key from the first time
around is, effectively, added as a trusted key for the host.

For the moment, I've done (1).  I'm wondering (a) what other
implementations do, (b) if I've missed an option above, and (c) what
people think should ideally be done.

It's also possible something is given in the spec for this and I just
missed it, though (since it's a user-interface issue) I'm inclined to
doubt it.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
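
The three rekey behaviours listed in the message above, side by side, as an added example that is not part of the original post or of any implementation mentioned in it. The class, policy and method names, the SHA-256 fingerprint, and the reading of "behave as normal" as "accept if the key is listed, otherwise ask the user" are assumptions made for illustration.

```python
import hashlib
from enum import Enum

class RekeyPolicy(Enum):
    ACCEPT_ANY = 1         # option (1): accept whatever key is presented on rekey
    SAME_AS_FIRST = 2      # option (2): key must equal the one from the first exchange
    FIRST_KEY_TRUSTED = 3  # option (3): normal check, plus the first key counts as trusted

class Decision(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    ASK_USER = "ask-user"

def fingerprint(key_blob: bytes) -> str:
    # Assumption: keys are compared by SHA-256 of the public key blob.
    return hashlib.sha256(key_blob).hexdigest()

class Session:
    def __init__(self, host, known_hosts, policy):
        self.host = host
        self.known = known_hosts   # permanent store: host -> set of fingerprints
        self.policy = policy
        self.first_key = None      # key accepted at the initial exchange, memory only

    def _normal_check(self, fp, extra=()):
        trusted = set(self.known.get(self.host, ())) | set(extra)
        return Decision.ACCEPT if fp in trusted else Decision.ASK_USER

    def initial_kex(self, key_blob, user_accepts_once=False):
        fp = fingerprint(key_blob)
        decision = self._normal_check(fp)
        if decision is Decision.ASK_USER:
            # "This session only": nothing is written to the permanent store.
            decision = Decision.ACCEPT if user_accepts_once else Decision.REJECT
        if decision is Decision.ACCEPT:
            self.first_key = fp
        return decision

    def rekey(self, key_blob):
        fp = fingerprint(key_blob)
        if self.policy is RekeyPolicy.ACCEPT_ANY:
            return Decision.ACCEPT
        if self.policy is RekeyPolicy.SAME_AS_FIRST:
            return Decision.ACCEPT if fp == self.first_key else Decision.REJECT
        return self._normal_check(fp, extra=(self.first_key,))
```

With an empty permanent store and a first key accepted for the session only, a different key at rekey yields accept, reject and ask-user under options (1), (2) and (3) respectively; the same key is accepted under all three.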


