On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote:
On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote:
I gotta say... having a fallback mechanism here seems pretty
strange. The entire point of the group exchange is to use a dynamic
group and not a static one.
fwiw, i think dynamic groups for DHE key exchange is intrinsically
problematic when there is any computational expense in validating the
quality of the group parameters.
While some may agree with this, the fact remains that the current
implementation isn't working as expected. I'm interested in correcting
the behavior.
- Joe
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev