On Thu, 15 Nov 2007, petesea@bigfoot.com wrote:

> Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into
> the OpenSSH source?


As far as I know, none of the current core OpenSSH developers are in
favour of adding it.

> http://www.sxw.org.uk/computing/patches/openssh.html
>
> I'm sure I'm not the only one that uses it and would like to see it become
> part of the OpenSSH source. Is there something missing or is there some
> technical/philosophical reason for not including it?


Yes - we are very scared of adding features that lead to more
pre-authentication attack surface, especially when they delegate to
complex libraries with patchy security histories.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev