GSSAPI

Simon Wilkinson simonxwilkinson at gmail.com
Fri Jul 18 20:28:22 EST 2014


On 18 Jul 2014, at 05:20, Markus Friedl <mfriedl at gmail.com> wrote:

> 
>> Am 18.07.2014 um 03:01 schrieb Coy Hile <coy.hile at coyhile.com>:
>> 
>> What’s your justification for that?
> 
> The amount of extra code involved.


I’m not actually convinced that the attack surface is radically different between userauth and key exchange. In both the GSSAPI calls are being performed in the privileged monitor, and the GSSAPI calls that are used are pretty much identical.

Cheers,

Simon


More information about the openssh-unix-dev mailing list