ECDSA and first connection; bug?
Damien Miller
djm at mindrot.org
Fri Jan 28 14:04:19 EST 2011
On Thu, 27 Jan 2011, Dan Kaminsky wrote:
> True, but suppose I'm a malicious server w/ the valid DSA key, but not
> the ECC key. I could advertise DSA exclusively, and the question is:
> Should the client accept the downgrade?
The client will accept the downgrade; this behaviour is unchanged from
OpenSSH < 5.7. I'm happy with this for now, because if there are problems
in the ECC code then users much be able to downgrade.
> Also, shouldn't we prefer *more* secure keys to less secure keys,
> client side?
Are you referring to the ordering of the key lengths within the ECDSA
types? These don't matter so much, since a host will only have at most one
ECDSA key.
-d
More information about the openssh-unix-dev
mailing list