IETF-SSH archive
Re: Terrapin
Brian Pence <bpence%celestialsoftware.net@localhost> writes:
>OpenSSH supports a number of transport-layer hardening measures under a
>"strict KEX" feature. This feature is signalled similarly to the RFC8308 ext-
>info feature: by including an additional algorithm in the initial
>SSH2_MSG_KEXINIT kex_algorithms field.
Ugh, another incompletely-specified [*] homebrew add-on kludged onto SSH
without any public consultation, to fix the problems caused by the first
incompletely-specified homebrew add-on kludged onto SSH without any public
consultation. What happened to publishing RFCs and getting public review and
feedback in case there are problems?
>During initial KEX, terminate the connection if any unexpected or out-of-
>sequence packet is received. This includes terminating the connection if the
>first packet received is not SSH2_MSG_KEXINIT. Unexpected packets for the
>purpose of strict KEX include messages that are otherwise valid at any time
>during the connection such as SSH2_MSG_DEBUG and SSH2_MSG_IGNORE.
Are there any implementations that would break if you did this anyway?
Assuming that what it's trying to say is "terminate the connection if the
first packet isn't SSH2_MSG_KEXINIT".
Peter.
[*] See the second paragraph quoted above with ambiguous and vague terms like
"unexpected", "includes ...", etc.
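Added example (not code from this thread or from OpenSSH): a small Python model of the two rules quoted above, the pseudo-algorithm signal in the KEXINIT kex_algorithms name-list and the first-packet / unexpected-packet rule during the initial KEX. The pseudo-algorithm names are the ones OpenSSH documents in its PROTOCOL file and are assumed here (the thread does not quote them); message numbers are the RFC 4253 values.

```python
# Constructed example: model of OpenSSH "strict KEX" signalling and its
# initial-KEX packet rule, as paraphrased in the quoted text above.
SSH2_MSG_IGNORE = 2    # RFC 4253 message numbers
SSH2_MSG_DEBUG = 4
SSH2_MSG_KEXINIT = 20
SSH2_MSG_NEWKEYS = 21

# Pseudo-algorithms OpenSSH puts in kex_algorithms to signal strict KEX
# (assumed from OpenSSH's PROTOCOL file; not quoted in the thread).
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"


def peer_offers_strict_kex(kex_algorithms: str, peer_is_server: bool) -> bool:
    """kex_algorithms is the comma-separated name-list from the peer's KEXINIT.
    A server signals with the -s- name, a client with the -c- name; the
    other side's name must be ignored, hence the exact-match split."""
    marker = STRICT_KEX_SERVER if peer_is_server else STRICT_KEX_CLIENT
    return marker in kex_algorithms.split(",")


class StrictKexReceiver:
    """Tracks packets received during the initial key exchange.

    Under strict KEX the very first packet must be KEXINIT, and messages that
    are otherwise valid at any time (IGNORE, DEBUG) are fatal until NEWKEYS
    ends the initial exchange. Without strict KEX nothing is rejected."""

    def __init__(self, strict: bool):
        self.strict = strict
        self.seen_kexinit = False
        self.kex_done = False

    def accept(self, msg_type: int) -> bool:
        """True if the packet may be processed, False if the connection
        must be terminated."""
        if not self.strict or self.kex_done:
            return True                      # rule only covers the initial KEX
        if not self.seen_kexinit:
            if msg_type != SSH2_MSG_KEXINIT:
                return False                 # first packet must be KEXINIT
            self.seen_kexinit = True
            return True
        if msg_type in (SSH2_MSG_IGNORE, SSH2_MSG_DEBUG):
            return False                     # "unexpected" under strict KEX
        if msg_type == SSH2_MSG_NEWKEYS:
            self.kex_done = True             # initial KEX complete
        return True
```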