On Fri, Apr 10, 2009 at 01:57:37AM -0400, der Mouse wrote:
> > BTW, I would love to use the reserved field of KEXINIT to negotiate
> > retriable key exchange (a big deal for gss keyex).
>
> Why? Why not just have the gss kex define its kex-method-specific
> messages so as to permit multiple back-and-forths, retrying as much as
> necessary to find something suitable?

Because we didn't do that to begin with. We should have. We didn't.

> Actually, perhaps the best way to answer that would be to sketch the
> semantics for the retryable-kex bit you'd like to define; then I could
> probably see what the issue is (or suggest a way that doesn't break
> interoperability that badly, using existing facilities).

Simple: if key-ex fails, then the client can re-send KEXINIT, the server then responds with its KEXINIT, and the process starts all over.

Nico
--
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
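The retry semantics Nico sketches, as an added model that is not part of the thread: RFC 4253 kex-method selection from two KEXINIT name-lists, then a restart of negotiation on kex failure with the failed method dropped. The RETRIABLE_KEX bit in the reserved uint32, the method names ending in EXAMPLE and the run_kex callback are constructed assumptions; no such bit is defined in any RFC.

```python
"""Model of KEXINIT negotiation with an optional retry on kex failure.
Constructed example; the retriable bit in the reserved field is a
hypothetical assumption, not a defined protocol feature."""
from dataclasses import dataclass

RETRIABLE_KEX = 1 << 0  # hypothetical flag carried in KEXINIT's reserved uint32


@dataclass
class KexInit:
    kex_algorithms: list   # name-list of kex methods, most preferred first
    reserved: int = 0      # uint32 reserved field, MUST be 0 per RFC 4253


def choose_kex(client: KexInit, server: KexInit):
    """RFC 4253 section 7.1: the first client-preferred kex method that the
    server also lists wins; None means no common method (connection fails)."""
    for name in client.kex_algorithms:
        if name in server.kex_algorithms:
            return name
    return None


def negotiate_with_retry(client: KexInit, server: KexInit, run_kex):
    """run_kex(name) returns True on success, False on a recoverable failure
    (e.g. no usable GSS credentials). Returns (method, attempts).
    If both sides set the hypothetical retriable bit, a failure makes the
    client re-send KEXINIT without the failed method and negotiation restarts;
    otherwise the failure is fatal, which is today's RFC 4253 behaviour."""
    retriable = bool(client.reserved & server.reserved & RETRIABLE_KEX)
    remaining = list(client.kex_algorithms)
    attempts = 0
    while True:
        name = choose_kex(KexInit(remaining, client.reserved), server)
        if name is None:
            return None, attempts
        attempts += 1
        if run_kex(name):
            return name, attempts
        if not retriable:
            return None, attempts
        remaining.remove(name)  # new KEXINIT round without the failed method


def demo(client_retriable: bool, server_retriable: bool):
    """Constructed scenario: a GSS kex method fails, a plain DH method works."""
    methods = ["gss-group1-sha1-EXAMPLE", "diffie-hellman-group14-sha1"]
    client = KexInit(methods, RETRIABLE_KEX if client_retriable else 0)
    server = KexInit(methods, RETRIABLE_KEX if server_retriable else 0)
    return negotiate_with_retry(client, server, lambda n: not n.startswith("gss-"))
```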