Mirrors | Updates | Feedback | Changes | Wishlist | Team
OpenSSH 4.2 introduces a variety of ZLIB compression called "firstname.lastname@example.org" which delays starting compression until after the server has sent SSH_MSG_USERAUTH_ACCEPT. It's configured to use this by default (or with the "Compression delayed" option), but ordinary "zlib" compression can be reinstated with "Compression yes".
The new method is specified in draft-miller-secsh-compression-delayed, currently -00.
As far as we can tell, this is inherently subject to a race condition, since the client can't know whether the server has sent that message, and hence whether it should be transmitting compressed or uncompressed packets. After the client has received USERAUTH_ACCEPT, of course, it knows that the server has sent it and can safely send compressed packets. This suggests that the following implementation would be safe (assuming throughout that the user has requested compression):
There's no need for PuTTY to stop supporting "zlib", since by the time we send NEWKEYS, we've authenticated the server.
Audit trail for this wish.