chefren wrote: > > > On 2/13/08 10:27 PM, Benjamin Bennett wrote: > >>> It is very unlikely that this patch will be integrated - it adds threads >>> to OpenSSH, which introduce many new security considerations. >> >> Using threads is really just a means to an end, and happened to be the >> most convenient means. If that's a show stopper for you guys, we can >> work on that. > > It's about security, "we can work on that" afterwards is more the > Microsoft way of security than the way OpenBSD people look at it.
I wasn't saying "we can work on security" afterwards. This is something that [to our knowledge] has not been worked on previously, and what we're providing is code that we consider experimental (due to lack of review) to get the ball rolling and get some feedback from others. We actually haven't gotten much feedback until today, so we do appreciate all of your comments. > > Are there any other issues? > > No, really!, just prove it's secure and anybody here is happy! > > > I get the idea you don't see the security implications of race > conditions in multi-core CPU's. Race conditions are not unique to multi-threading. No matter how this is implemented, the goal is to do multiple things at once and timing will be an issue. If you have a moment, please do take a look at the code and provide any comments/concerns you have (perhaps off-list). It's not very complicated and I believe it's actually easier to understand/validate in a multi-threaded form than if it were implemented other ways, I could be wrong though. thanks again for your input, --ben [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
