On 18 Jul 2014, at 05:20, Markus Friedl <mfriedl@xxxxxxxxx> wrote:
>
>> On 18.07.2014 at 03:01, Coy Hile <coy.hile@xxxxxxxxxxx> wrote:
>>
>> What’s your justification for that?
>
> The amount of extra code involved.

I’m not actually convinced that the attack surface is radically different between userauth and key exchange. In both the GSSAPI calls are being performed in the privileged monitor, and the GSSAPI calls that are used are pretty much identical.

Cheers,

Simon

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev