Re: DH Group Exchange Fallback

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote:

On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote:

     I gotta say... having a fallback mechanism here seems pretty
strange.  The entire point of the group exchange is to use a dynamic
group and not a static one.


fwiw, i think dynamic groups for DHE key exchange is intrinsically
problematic when there is any computational expense in validating the
quality of the group parameters.
While some may agree with this, the fact remains that the current implementation isn't working as expected. I'm interested in correcting the behavior. 

   - Joe
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux