Re: Feedback on draft-ssh-ext-info-00

denis bider <ietf-ssh3@denisbider.com> Sat, 05 December 2015 19:38 UTC

Date: Thu, 03 Dec 2015 11:14:24 +0000
Subject: Re: Feedback on draft-ssh-ext-info-00
Message-ID: <1670890688-3144@skroderider.denisbider.com>
From: denis bider <ietf-ssh3@denisbider.com>
To: Niels Möller <nisse@lysator.liu.se>
Cc: Damien Miller <djm@mindrot.org>, Markus Friedl <mfriedl@gmail.com>, ietf-ssh@netbsd.org
In-Reply-To: <nnr3j3ol1t.fsf@armitage.lysator.liu.se>
List-Id: ietf-ssh.NetBSD.org

Point taken. You are probably right.


Niels Möller <nisse@lysator.liu.se>, 12/3/2015 10:59 AM:
Regarding sending SERVICE_REQUEST and userauth messages back-to-back,

denis bider <ietf-ssh3@denisbider.com> writes:

> I'm not sure that we have a guarantee that the server must properly
> handle this chaining.

Have you seen any implementations broken in this way?

I'd expect any reasonable server to process incoming messages properly,
and in case it for some reason isn't ready to process the next logical
message, simply delay reading and processing messages until it is ready.

After all, the protocol is very intentionally designed to minimize the
number of roundtrip delays.

> One would imagine people would not do this, but I've dealt with an
> implementation that discards KEXINIT if it's received in the same
> network frame as the SSH version string.

I think that's a different bug, and not very relevant. That's the point
where you switch from new-line-delimited text data to the binary data,
which needs some care to get right.

Regards,
/Niels

--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
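The two points in the exchange above, chained SERVICE_REQUEST/userauth messages and the switch from the newline-delimited identification string to binary packets, come down to the same buffer discipline on the receiving side: parse every complete message already in the buffer and keep whatever remains for the next read. The Python below is an added illustration written for this archive page; it is not code from the thread, from draft-ssh-ext-info, or from any SSH implementation. It follows the formats of RFC 4253 sections 4.2 and 6. Every frame is constructed test data (the algorithm names in the KEXINIT name-lists, the zero cookie and the user name alice are arbitrary), and the SERVICE_REQUEST/USERAUTH_REQUEST frame is shown unencrypted, as a server sees it after decryption.

```python
"""Reading the SSH identification line and the binary packets that may share its TCP
segment (RFC 4253 sections 4.2 and 6). Added illustration; all frames are constructed."""
import struct

SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_KEXINIT = 20
SSH_MSG_USERAUTH_REQUEST = 50
MAX_PACKET = 35000  # total packet length every implementation must accept


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def build_packet(payload: bytes, block_size: int = 8) -> bytes:
    """Unencrypted binary packet: uint32 packet_length, byte padding_length,
    payload, >= 4 bytes padding, total a multiple of block_size; no MAC yet."""
    padding = block_size - ((5 + len(payload)) % block_size)
    if padding < 4:
        padding += block_size
    return struct.pack(">IB", 1 + len(payload) + padding, padding) + payload + b"\x00" * padding


def read_version_line(buf: bytes):
    """(version, bytes after it), or (None, buf) if the 'SSH-' line has not fully arrived.
    Lines before it (a server banner) are skipped, as section 4.2 requires of clients."""
    pos = 0
    while True:
        nl = buf.find(b"\n", pos)
        if nl == -1:
            return None, buf
        line = buf[pos:nl].rstrip(b"\r")
        pos = nl + 1
        if line.startswith(b"SSH-"):
            if len(line) > 253:  # 255 characters including CR LF
                raise ValueError("identification string too long")
            return line.decode("ascii"), buf[pos:]


def read_packets(buf: bytes):
    """(payloads of every complete packet in buf, leftover partial packet to keep)."""
    payloads = []
    while len(buf) >= 5:
        packet_length, padding_length = struct.unpack(">IB", buf[:5])
        if packet_length < padding_length + 1 or packet_length + 4 > MAX_PACKET:
            raise ValueError("bad packet_length %d" % packet_length)
        total = 4 + packet_length
        if len(buf) < total:
            break  # partial packet: wait for more data, never discard it
        payloads.append(buf[5:5 + packet_length - padding_length - 1])
        buf = buf[total:]
    return payloads, buf


class TransportReader:
    def __init__(self):
        self.buf = b""
        self.peer_version = None

    def feed(self, data: bytes):
        """Append received bytes; return the payloads of all complete packets."""
        self.buf += data
        if self.peer_version is None:
            version, rest = read_version_line(self.buf)
            if version is None:
                return []
            self.peer_version = version
            self.buf = rest  # what followed CR LF is already packet data
        payloads, self.buf = read_packets(self.buf)
        return payloads


def buggy_first_read(data: bytes):
    """The failure denis describes: the first read is handled as text lines and
    whatever followed the version line in that buffer is thrown away."""
    for line in data.split(b"\n"):
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r").decode("ascii"), []  # KEXINIT lost here
    return None, []


# Frame A: banner, version line and KEXINIT in one segment (zero cookie: test data only).
# Frame B: SERVICE_REQUEST then USERAUTH_REQUEST pipelined, as seen after decryption.
KEXINIT_PAYLOAD = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16 + b"".join(
    ssh_string(n) for n in [b"curve25519-sha256", b"ssh-ed25519", b"aes128-ctr",
                            b"aes128-ctr", b"hmac-sha2-256", b"hmac-sha2-256",
                            b"none", b"none", b"", b""]
) + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows = FALSE, reserved
FRAME_A = b"Banner line, ignored\r\nSSH-2.0-example_1.0\r\n" + build_packet(KEXINIT_PAYLOAD)
FRAME_B = (build_packet(bytes([SSH_MSG_SERVICE_REQUEST]) + ssh_string(b"ssh-userauth"))
           + build_packet(bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(b"alice")
                          + ssh_string(b"ssh-connection") + ssh_string(b"none")))


if __name__ == "__main__":
    r = TransportReader()
    print("correct:", [p[0] for p in r.feed(FRAME_A)], [p[0] for p in r.feed(FRAME_B)])
    print("buggy:  ", buggy_first_read(FRAME_A))
```

buggy_first_read reproduces the bug denis ran into: the first segment is consumed as text, so the KEXINIT that arrived behind the version line never reaches the packet parser and the peer is left waiting for a KEXINIT that will not come. TransportReader.feed hands the bytes after CR LF to read_packets instead, and read_packets loops over every complete packet rather than returning after the first, which is exactly what makes a SERVICE_REQUEST followed immediately by USERAUTH_REQUEST in one segment yield both messages; a trailing partial packet is held until the next read, so a version line that arrives with only the first few bytes of the following packet is handled the same way.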