The end of the beginning is in sight
Eric S. Raymond
esr at thyrsus.com
Sun Jan 8 14:29:34 UTC 2017
Hal Murray <hmurray at megapathdsl.net>:
>
> > > That sounds uncomfortably plausible. I can think of a workaround: add a
> > > padding extension long enough that the packet can't have any of the magic
> > > lengths.
> > I've read that. I've even implemented it myself once, in the Python
> > protocol back end. Is there advice in there that I missed on how to avoid
> > magic-length interactions?
>
> It has a couple of minimum length constraints. I think those are enough to
> avoid the screwup cases.
>
> Mostly, I pointed it out to show the complexities of that area, at least with
> the current setup. There may be room for something like NTPv4.1 which drops
> compatibility with the old stuff that caused problems since it is rarely used.
And by "old stuff" I think you mean specifically Autokey, don't you?
To the extent I understand these length interactions from having coded
the Python support, I don't believe either MD5 or SHA-1 MACs are
implicated.
I think you're right. The first thing to do about this is probably to
strengthen the non-interoperablity warnings around Autokey.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
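
An added illustration of the magic-length interaction discussed in this thread, not part of the original message and not NTPsec code: a receiver that classifies the bytes after the 48-byte NTP header by length alone, following the RFC 7822 rule, plus a padding helper in the spirit of the quoted workaround. The function names, the field type 0x1234 and the sample packets are constructed for the example; the 4/20/24-octet MAC lengths and the 28-octet minimum come from RFC 7822.

```python
import struct

HEADER_LEN = 48
MAGIC_MAC_LENGTHS = (4, 20, 24)  # crypto-NAK, key ID + MD5, key ID + SHA-1
MIN_LAST_EXT_NO_MAC = 28         # RFC 7822 minimum for a final extension with no MAC


def make_extension(field_type, body, min_len=16):
    """Build one extension field: 2-byte type, 2-byte length, zero-padded body."""
    length = max(4 + len(body), min_len)
    length += -length % 4                      # keep 32-bit alignment
    return struct.pack("!HH", field_type, length) + body.ljust(length - 4, b"\0")


def classify_trailer(packet):
    """Split what follows the header into (extensions, mac) using length only."""
    rest = packet[HEADER_LEN:]
    extensions = []
    while len(rest) > 24:                      # longer than any MAC, so an extension
        field_type, length = struct.unpack("!HH", rest[:4])
        if length < 16 or length % 4 or length > len(rest):
            raise ValueError("malformed extension field")
        extensions.append((field_type, rest[4:length]))
        rest = rest[length:]
    if len(rest) not in (0,) + MAGIC_MAC_LENGTHS:
        raise ValueError("trailer is neither extension nor MAC")
    return extensions, rest                    # rest is the MAC, or b"" if none


if __name__ == "__main__":
    header = bytes(HEADER_LEN)                 # constructed all-zero header
    # Unauthenticated packet whose only extension is 24 octets long:
    # the receiver takes the whole field for a key ID + SHA-1 MAC.
    short = make_extension(0x1234, b"A" * 20)
    print(classify_trailer(header + short))
    # Same payload padded past the magic lengths: parsed as an extension.
    padded = make_extension(0x1234, b"A" * 20, min_len=MIN_LAST_EXT_NO_MAC)
    print(classify_trailer(header + padded))
```
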