IETF-SSH archive


Re: Fixing exchange of host keys in the SSH key exchange



That sounds like a good idea. I would be interested to follow and participate.
 
The obstacle seems to be getting people together. Those of us who’ve been around for 15 years may be on this mailing list. I’m not sure if this is true for authors of newer implementations, who might benefit from this information most.
 
 
Sent: Monday, March 27, 2017 00:21
Subject: Re: Fixing exchange of host keys in the SSH key exchange
 
denis bider (Bitvise) <ietf-ssh3%denisbider.com@localhost> writes:

>For the most recent example, an older version of a popular library used to
>have the "maximum channel packet size" concept completely borked up. For a
>channel opened by the remote party, this library would overwrite its own
>maximum packet size with the remote one. This caused at least two different
>kinds of session-ending problems to arise.

It seems like every implementer has stories like this, but no-one can really
mention them in public because you don't want to embarrass a particular
vendor... would there be any interest in having a private list of email
addresses of people to exchange information like this with?  That way we could
compare notes on necessary fixes that otherwise would need to be rediscovered
for each new implementation.

Peter.
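
Added example, not part of either message and not taken from any implementation mentioned in the thread: a minimal Python sketch of the per-direction bookkeeping for a peer-opened channel, using the RFC 4254 layout of SSH_MSG_CHANNEL_OPEN and SSH_MSG_CHANNEL_OPEN_CONFIRMATION. The `Channel` class, the function names, the sample payload and the choice to reject oversized inbound data are assumptions of this sketch.

```python
import struct
from dataclasses import dataclass

SSH_MSG_CHANNEL_OPEN, SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 90, 91

@dataclass
class Channel:
    local_id: int
    remote_id: int
    local_window: int       # bytes the peer may still send to us
    local_max_packet: int   # largest data packet we accept (our own limit)
    remote_window: int      # bytes we may still send to the peer
    remote_max_packet: int  # largest data packet the peer accepts

def parse_channel_open(payload: bytes):
    """Parse SSH_MSG_CHANNEL_OPEN: type, sender channel, window, max packet."""
    if len(payload) < 5 or payload[0] != SSH_MSG_CHANNEL_OPEN:
        raise ValueError("not a CHANNEL_OPEN payload")
    (n,) = struct.unpack_from(">I", payload, 1)
    # A truncated payload surfaces as struct.error from the next call.
    sender, window, max_packet = struct.unpack_from(">III", payload, 5 + n)
    return payload[5:5 + n].decode("ascii"), sender, window, max_packet

def accept_remote_open(payload, local_id, local_window, local_max_packet):
    """Build channel state and the confirmation for a peer-opened channel."""
    _ctype, sender, window, max_packet = parse_channel_open(payload)
    # The peer's values describe what WE may send; they never replace our own.
    ch = Channel(local_id, sender, local_window, local_max_packet, window, max_packet)
    reply = struct.pack(">BIIII", SSH_MSG_CHANNEL_OPEN_CONFIRMATION,
                        ch.remote_id, ch.local_id, ch.local_window, ch.local_max_packet)
    return ch, reply

def check_inbound(ch: Channel, data: bytes) -> None:
    """Inbound channel data is bounded by our own advertised limits."""
    if len(data) > min(ch.local_max_packet, ch.local_window):
        raise ValueError("peer exceeded our advertised limits")  # policy of this sketch
    ch.local_window -= len(data)

def split_outbound(ch: Channel, data: bytes):
    """Chunk outbound data by the peer's limits; returns (chunks, unsent)."""
    chunks = []
    while data:
        n = min(len(data), ch.remote_max_packet, ch.remote_window)
        if n == 0:  # window exhausted (or peer advertised 0): wait for an adjust
            break
        chunks.append(data[:n])
        data, ch.remote_window = data[n:], ch.remote_window - n
    return chunks, data

# Constructed sample: peer opens "session", channel 7, window 2 MiB, max packet 32768.
SAMPLE_OPEN = struct.pack(">BI7sIII", 90, 7, b"session", 7, 2 * 1024 * 1024, 32768)
```

Keeping the two maximum packet sizes in separate fields means the confirmation always advertises the local limit, and outbound chunking always uses the peer's.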

