FAQ
Reviewers: agl1, dfc, jpsugar,

Message:
Hello agl1, dfc, jpsugar@google.com (cc: golang-dev@googlegroups.com),

I'd like you to review this change to
https://code.google.com/p/go.crypto


Description:
go.crypto/ssh: support rekeying in both directions.

Adds a largely symmetrical handshakeTransport, which can send
and process kexInit messages. Automatically rekey on every on
1G of data transmitted.

Please review this at https://codereview.appspot.com/14494058/

Affected files (+884, -270 lines):
    M ssh/client.go
    M ssh/client_auth.go
    M ssh/client_test.go
    M ssh/common.go
    A ssh/handshake.go
    A ssh/handshake_test.go
    M ssh/server.go
    M ssh/session.go
    M ssh/session_test.go
    M ssh/tcpip.go
    M ssh/transport.go
    M ssh/transport_test.go


--

---
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-dev/047d7b15b01de6686a04e8ba6df8%40google.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Hanwen at Oct 14, 2013 at 9:48 pm
    Reviewers: agl1, dfc, jpsugar,

    Message:
    Hello agl1, dfc, jpsugar@google.com (cc: golang-dev@googlegroups.com),

    I'd like you to review this change to
    https://code.google.com/p/go.crypto


    Description:
    go.crypto/ssh: support rekeying in both directions.

    Adds a largely symmetrical handshakeTransport, which can send
    and process kexInit messages. Automatically rekey on every on
    1G of data transmitted.

    Please review this at https://codereview.appspot.com/14494058/

    Affected files (+884, -270 lines):
        M ssh/client.go
        M ssh/client_auth.go
        M ssh/client_test.go
        M ssh/common.go
        A ssh/handshake.go
        A ssh/handshake_test.go
        M ssh/server.go
        M ssh/session.go
        M ssh/session_test.go
        M ssh/tcpip.go
        M ssh/transport.go
        M ssh/transport_test.go


    --

    ---
    You received this message because you are subscribed to the Google Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/golang-dev/047d7bd752a445dfd404e8ba6e4e%40google.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Hanwen at Oct 14, 2013 at 9:59 pm
    this goes on top of CL 14641044.

    We must submit this one before the mux change, since we'd break rekeying
    otherwise.

    Beyond mechanism, this also implements a policy (rekey based on amount
    of data passed through the connection.) suggested by the RFC

    questions:
    * should we implement the other policy (rekey after every hour)
    * should we expose the rekeying functionality (OpenSSH apparently has a
    ~R shortcut that issues a rekey.) ?


    https://codereview.appspot.com/14494058/

    --

    ---
    You received this message because you are subscribed to the Google Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/golang-dev/089e01184be070c73e04e8ba94db%40google.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Jpsugar at Oct 14, 2013 at 10:27 pm
    So for "rekey after N bytes", I think it's important to do that at a low
    level to avoid races where significantly more than N bytes might go
    through before the channel is blocked for a rekey.

    For other policies, I prefer the idea of exporting a Rekey() method and
    allowing the user to implement them, possibly with helpers.

    https://codereview.appspot.com/14494058/

    --

    ---
    You received this message because you are subscribed to the Google Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/golang-dev/089e01537dea55d2f404e8baf91a%40google.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-dev @
categoriesgo
postedOct 14, '13 at 9:48p
activeOct 14, '13 at 10:27p
posts4
users2
websitegolang.org

2 users in discussion

Hanwen: 3 posts Jpsugar: 1 post

People

Translate

site design / logo © 2021 Grokbase