IETF-SSH archive


Questions about draft-ietf-curdle-ssh-ext-info-00.txt



I've been looking at this draft and have a few questions...

Section 2.3, "can send the the following message":

MAY?  MUST?  SHOULD?

Section 2.3, "This message is sent without delay, and immediately after
SSH_MSG_NEWKEYS":

Uhh, shouldn't it wait for the NEWKEYS to succeed?  Otherwise if something goes
wrong the sender has leaked the info that it's withheld until now because it's
apparently sensitive.

Section 2.4, "the server MAY send, but is not obligated to send, an
SSH_MSG_EXT_INFO message immediately before SSH_MSG_USERAUTH_SUCCESS":

Before, not after?  That's going to lead to a pretty strange message flow: the
client sends an SSH_MSG_USERAUTH_REQUEST and, instead of the expected
SSH_MSG_USERAUTH_SUCCESS/SSH_MSG_USERAUTH_FAILURE, it gets some random message
about extensions.  Why not require that the extensions be sent after
failure/success has been indicated?

Section 2.4, "If a server sends a subsequent SSH_MSG_EXT_INFO, this replaces
any initial one, and both the client and the server re-evaluate extensions in
effect":

This is just asking for trouble; you're requiring both sides to be able to
sort out and disambiguate conflicting extensions in a compatible manner.

Section 3.4, "elevation":

What does this extension do?  I was expecting an option of which floor you
want to get off on, with a negative value for the parking garage.

Peter.
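As an added illustration of the two placement rules the mail quotes from sections 2.3 and 2.4 (example code, not from the mail or the draft): a checker that walks one direction of a constructed message transcript, rejects an SSH_MSG_EXT_INFO that is neither immediately after SSH_MSG_NEWKEYS nor immediately before SSH_MSG_USERAUTH_SUCCESS, and applies the "replaces any initial one" rule, so a later EXT_INFO wipes out the earlier set rather than merging with it. The extension name "constructed-ext@example.com" is made up for the sample; "elevation" is the name from section 3.4.

```python
# Added example (not from the mail or the draft): where SSH_MSG_EXT_INFO may appear
# in a transcript, per the placement rules quoted above.
from typing import Dict, List, Optional, Tuple

# One message: (message name, extensions carried). Only SSH_MSG_EXT_INFO carries any.
Message = Tuple[str, Dict[str, str]]


def ext_info_allowed(prev: Optional[str], nxt: Optional[str]) -> bool:
    """EXT_INFO is legal only right after NEWKEYS or right before USERAUTH_SUCCESS."""
    return prev == "SSH_MSG_NEWKEYS" or nxt == "SSH_MSG_USERAUTH_SUCCESS"


def extensions_in_effect(transcript: List[Message]) -> Dict[str, str]:
    """Return the extension set in effect after one direction of a session.

    Raises ValueError on a misplaced EXT_INFO. A later EXT_INFO replaces the
    earlier one outright: a name absent from the second set simply drops out.
    """
    in_effect: Dict[str, str] = {}
    for i, (name, exts) in enumerate(transcript):
        if name != "SSH_MSG_EXT_INFO":
            continue
        prev = transcript[i - 1][0] if i > 0 else None
        nxt = transcript[i + 1][0] if i + 1 < len(transcript) else None
        if not ext_info_allowed(prev, nxt):
            raise ValueError(f"misplaced SSH_MSG_EXT_INFO at index {i} "
                             f"(after {prev}, before {nxt})")
        in_effect = dict(exts)  # replace, never merge
    return in_effect


def is_valid_flow(transcript: List[Message]) -> bool:
    """True when every EXT_INFO in the transcript sits in an allowed position."""
    try:
        extensions_in_effect(transcript)
        return True
    except ValueError:
        return False


# Constructed server->client transcript: one EXT_INFO right after NEWKEYS, then a
# second one squeezed in just before USERAUTH_SUCCESS, as section 2.4 permits.
SERVER_FLOW_OK: List[Message] = [
    ("SSH_MSG_KEXINIT", {}),
    ("SSH_MSG_NEWKEYS", {}),
    ("SSH_MSG_EXT_INFO", {"elevation": "y", "constructed-ext@example.com": "1"}),
    ("SSH_MSG_EXT_INFO", {"elevation": "n"}),  # replaces the first set entirely
    ("SSH_MSG_USERAUTH_SUCCESS", {}),
]

# Constructed transcript with EXT_INFO wedged between two USERAUTH_FAILUREs: neither
# rule covers that position, so the checker rejects it.
SERVER_FLOW_BAD: List[Message] = [
    ("SSH_MSG_NEWKEYS", {}),
    ("SSH_MSG_USERAUTH_FAILURE", {}),
    ("SSH_MSG_EXT_INFO", {"elevation": "y"}),
    ("SSH_MSG_USERAUTH_FAILURE", {}),
]
```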

