Re: Implementation-hazards list [was Re: Fixing exchange of host keys in the SSH key exchange]

[Mouse <mouse%Rodents-Montreal.ORG@localhost>]

>> ...I don't see any need to name-and-shame on such a list.  It's the
>> misbehaviour, not whose implementation exhbits it, that matters for
>> implementation purposes.
> It's not so much concerns about name-and-shame, it's that it's
> impossible not to name vendors when you need to know whose SSH ID to
> check for to add a workaround.

Oh, hmm, true.  I wasn't thinking it through enough.

>> Yes, I would support - and participate in, provided it isn't done in
>> a way that ends up excluding me - such an effort.
> I wasn't necessarily thinking a full email list, that's way too
> organised,

:-)

>> It also might be interesting to do interop testing.
> Or just some agreement to run an instance of your implementation at
> some fixed location so people could bounce messages off it.

That's pretty much what I was thinking - interop testing can also be
done informally. :-)  There are a lot of details, but I would expect
they can be worked out in most cases.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B