Yes – that is my understanding as well.
From: Peter Gutmann
Sent: Friday, April 7, 2017 21:48
Subject: Re: Fixing exchange of host keys in the SSH key exchange

Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

>They say, when describing hostkeys-00@openssh.com and
>hostkeys-prove-00@openssh.com, that "[i]t also supports graceful key rotation: a
>server may offer multiple keys of the same type for a period (to give clients
>an opportunity to learn them using this extension) before removing the
>deprecated key from those offered".
>
>I cannot see how this is even possible, at least not without a custom kex
>algorithm. With, for example, Diffie-Hellman as defined in 4253 section 8,
>the server presents only one host key to the client, and must choose which
>one to present before kex (and thus authentication) completes. This then
>gives no room to "offer multiple keys of the same type".

I assumed the offered keys are via "hostkeys-00@openssh.com", not in the keyex. As the text says, it offers those for a while, then when it seems all clients have got a copy it switches the keyex from the old to the new key.

Peter.
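Added example, not part of the original thread or of OpenSSH's code: a Python sketch of the rotation described above, where the server still presents a single host key in the key exchange and advertises its full key set afterwards in a `hostkeys-00@openssh.com` global request. The key blobs are constructed placeholders, the helper names are hypothetical, and the `hostkeys-prove-00@openssh.com` proof step is assumed to have succeeded and is not modelled.

```python
import struct

SSH_MSG_GLOBAL_REQUEST = 80
HOSTKEYS = b"hostkeys-00@openssh.com"
# Constructed placeholder blobs, not real public keys.
OLD, NEW = b"constructed-old-key-blob", b"constructed-new-key-blob"

def _string(data):
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def build_hostkeys_request(blobs):
    # byte 80, string request name, boolean want-reply (false), string[] hostkeys
    head = bytes([SSH_MSG_GLOBAL_REQUEST]) + _string(HOSTKEYS) + b"\x00"
    return head + b"".join(_string(b) for b in blobs)

def _read_string(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def parse_hostkeys_request(pkt):
    if not pkt or pkt[0] != SSH_MSG_GLOBAL_REQUEST:
        raise ValueError("not SSH_MSG_GLOBAL_REQUEST")
    name, off = _read_string(pkt, 1)
    if name != HOSTKEYS or off >= len(pkt):
        raise ValueError("not a complete hostkeys-00 request")
    off += 1  # skip the want-reply boolean
    keys = []
    while off < len(pkt):
        blob, off = _read_string(pkt, off)
        keys.append(blob)
    return keys

def session(known, kex_key, offered_pkt):
    """One connection: the kex key must already be known; the set of keys
    offered afterwards then replaces what the client stores for this host."""
    if kex_key not in known:
        raise PermissionError("host key presented in kex is not known")
    return set(parse_hostkeys_request(offered_pkt))

def rotation_demo():
    known = {OLD}
    # Overlap period: kex still uses OLD, both keys are offered after kex.
    known = session(known, OLD, build_hostkeys_request([OLD, NEW]))
    # Later: the server has switched the kex to NEW and dropped OLD.
    return session(known, NEW, build_hostkeys_request([NEW]))
```

A client that never connected during the overlap period still knows only the old key, so it fails the kex check once the server has switched, which is why the server keeps offering both keys for a while first.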