draft-miller-ssh-agent-02: extensions and success messages

Damien Miller djm at mindrot.org
Thu Apr 5 14:56:32 AEST 2018


On Wed, 4 Apr 2018, Alex Wilson wrote:

> Hi,
> 
> I've been reading the RFC draft for the OpenSSH agent protocol and
> trying to understand the extension mechanism. It seems like a client,
> after sending an extension message, will have to then interpret any
> following success (0x6) message differently according to the extension
> request just sent. The example with the "query" extension returning a
> success message with extra data appended would seem to imply that, too.
> Is that correct?
> 
> If so, I would love to get some insight into why this was chosen over
> having an "extension reply" message number or something like that. It
> seems to me that the protocol up until now has always been stateless --
> you didn't have to know what you sent last in order to parse and
> validate received data -- which generally makes implementations nice and
> simple. After this change, client impls will have to change their
> parsing of the success message dramatically after sending each extension
> request message (and will have to track which ext they last sent etc),
> since it doesn't include enough information in the message itself any
> more to figure out what it should contain.

I don't follow - clients always have to know what the last message sent
was, otherwise they wouldn't be able to disambiguate the shared
SSH_AGENT_SUCCESS / SSH_AGENT_FAILURE.

If it's a problem in practice, then I guess I could add an extension-
specific reply message to a future draft, but I'm struggling to think of
a situation in which it would be needed.

BTW nothing at present implements any extensions AFAIK.

-d
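The stateful reply handling the thread is about, as an added example that is not code from the draft or from OpenSSH: a client-side decoder keeps the name of the last extension it requested and uses it to interpret a following SSH_AGENT_SUCCESS, reading the appended name list only for the "query" extension and rejecting trailing bytes otherwise. The message numbers (SSH_AGENT_FAILURE 5, SSH_AGENT_SUCCESS 6, SSH_AGENTC_EXTENSION 27) come from the draft; the extension name "example-ext@example.com" and the reply bytes are constructed.

```python
import struct
from typing import Optional

SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6
SSH_AGENTC_EXTENSION = 27


def put_string(b: bytes) -> bytes:
    """Encode an SSH 'string' (uint32 big-endian length + bytes)."""
    return struct.pack(">I", len(b)) + b


def get_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset; returns (value, new_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def frame(msg_type: int, payload: bytes = b"") -> bytes:
    """Agent framing: uint32 length, byte message type, contents."""
    body = bytes([msg_type]) + payload
    return struct.pack(">I", len(body)) + body


def extension_request(name: bytes, contents: bytes = b"") -> bytes:
    """SSH_AGENTC_EXTENSION: string extension name, then extension data."""
    return frame(SSH_AGENTC_EXTENSION, put_string(name) + contents)


def parse_reply(last_extension: Optional[bytes], reply: bytes) -> dict:
    """Decode a reply to the extension request named by last_extension.
    The caller must supply that name: SSH_AGENT_SUCCESS carries no
    indication of which request it answers."""
    if len(reply) < 5:
        raise ValueError("short frame")
    (length,) = struct.unpack_from(">I", reply, 0)
    if length != len(reply) - 4 or length < 1:
        raise ValueError("bad frame length")
    msg_type, body = reply[4], reply[5:]
    if msg_type == SSH_AGENT_FAILURE:
        return {"ok": False}
    if msg_type != SSH_AGENT_SUCCESS:
        raise ValueError(f"unexpected message type {msg_type}")
    if last_extension == b"query":
        # "query" appends string[] of supported extension names to SUCCESS.
        names, off = [], 0
        while off < len(body):
            name, off = get_string(body, off)
            names.append(name.decode())
        return {"ok": True, "extensions": names}
    if body:  # any other extension: a bare SUCCESS, trailing data is an error
        raise ValueError("trailing data in SSH_AGENT_SUCCESS")
    return {"ok": True}
```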
