KEX graceful failure

Georgi Chulkov g.chulkov at jacobs-university.de
Sat Jun 28 23:18:26 EST 2008


Dear all,

I am currently implementing an experimental key exchange (KEX) algorithm. 
Unlike current algorithms like DH, mine needs to be able to fail gracefully, 
and in case of failure, continue with whatever algorithm would have been 
negotiated if mine was not selected.

My strategy for graceful failure is to remove my KEX algorithm from 
myproposal[KEX_DEFAULT_KEX] and to initiate a new key exchange.

My question is whether it is safe (and a good idea) to simply call do_ssh2_kex 
(server) / ssh2_kex (client) in order to do another exchange, and whether 
there are any negative consequences of doing so (e.g. security or 
reliability).

Thanks!

Georgi
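
The fallback selection described in the message above, as an added example that is not part of the original post and is not OpenSSH code: under the simplified RFC 4253 section 7.1 rule (first name on the client's list that the server also lists, ignoring the host-key conditions), deleting the failed algorithm from the proposal yields the algorithm that would have been chosen had it never been offered. Assumptions: `in_list`, `kex_choose` and its `removed` parameter are hypothetical names, the removal is modelled as an argument instead of editing `myproposal[KEX_DEFAULT_KEX]`, and `experimental-kex@example.org` is a constructed placeholder.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if name[0..n) is an exact entry of the comma-separated list. */
static int in_list(const char *list, const char *name, size_t n)
{
    for (const char *p = list; *p != '\0'; ) {
        size_t len = strcspn(p, ",");
        if (len == n && memcmp(p, name, n) == 0)
            return 1;
        p += len + (p[len] == ',');
    }
    return 0;
}

/* Simplified RFC 4253 section 7.1 rule: pick the first name on the client's
 * list that the server also lists. `removed` (hypothetical parameter) is an
 * algorithm treated as deleted from the proposal; pass NULL for none.
 * Returns a malloc'd name, or NULL when no common algorithm is left. */
char *kex_choose(const char *client, const char *server, const char *removed)
{
    size_t rlen = removed != NULL ? strlen(removed) : 0;
    for (const char *p = client; *p != '\0'; ) {
        size_t len = strcspn(p, ",");
        int gone = removed != NULL && len == rlen && memcmp(p, removed, len) == 0;
        if (len > 0 && !gone && in_list(server, p, len)) {
            char *r = calloc(len + 1, 1);
            return r != NULL ? memcpy(r, p, len) : NULL;
        }
        p += len + (p[len] == ',');
    }
    return NULL;
}

int main(void)
{
    /* Constructed proposals; the "@example.org" name is a placeholder. */
    const char *client = "experimental-kex@example.org,"
        "diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1";
    const char *server = "experimental-kex@example.org,"
        "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1";
    char *first = kex_choose(client, server, NULL);
    char *retry = kex_choose(client, server, "experimental-kex@example.org");
    printf("first: %s\nretry: %s\n", first ? first : "-", retry ? retry : "-");
    free(first);
    free(retry);
    return 0;
}
```

A NULL result after the removal means no common algorithm remains, so the retry has nothing to fall back to and the connection has to fail.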

More information about the openssh-unix-dev mailing list