Notes for implementors, in no particular order

	Important tasks are in TODO

	Packet assembly and disassembly should be done
	only with functions in msg.c.  Functions there
	may call out to cert* modules, etc. for more
	complex types.

	Note that decoding a string is destructive so that,
	for instance, getcert() is destructive.  This is
	generally not a problem, but may fuddle key exchange
	algorithms which hash raw packets.

	Any strings from packets on the wire that are to
	be printed out must be sanitized with filterstring.

	Load/store keys with B(rd/rw)cert(priv/pub) functions.

	You must tell mkblob how big to make the blob; the
	buffer and header will be allocated together at once.

	Comment protocols carefully, e.g. as in recvmsg0.

Key Exchange:
	Kexinit() sets up the generic key exchange module.

	Kexrun() initiates a key exchange by sending a KEXINIT message.

	A KEX module must provide:
		init		Allocate and initialize state
		client		Implement client side protocol
		server		Implement server side protocol
		free		Clean up private state

Authentication:
	Authentication modules should use authrecvmsg() to read
	messages as it will discard SSH_MSG_USERAUTH_BANNER messages.

	Authentication modules should call authgeneric on the last
	message before returning a la authpass.c:^authpass.

Protocols:
	SSH2 in current (08/2002) IETF SECSH draft
	SSH1 variants not supported

Authentication:
	Password change request not supported
	Host-based authentication not supported

Compression:
	Not supported

Key file formats:
	Known Host Keys
		OpenSSH DSS/RSA known host public key database format
	Public Keys
		OpenSSH DSS/RSA known host public key database format
		OpenSSH uses a slightly different format for public keys
			used for user authentication as opposed to host
			authentication (see Known Host Keys above)
		An awk script is sufficient to convert to OpenSSH format
		OpenSSH has the tools necessary to export public keys in
			the SSH.com format
	Private keys
		We use our own private key file format for simplicity
		Libsec has necessary code for reading PEM RSA private
			key files such as those generated by OpenSSH
		Private keys are not currently encrypted
			Eventually we plan to use AES-CBC or similar

Key fingerprint formats:
	Hex and bubble-babble with MD5 and SHA1

Bug-for-Bug Compatibility:
	DataFellows uses MD5 in some places instead of SHA1
		as the (current) standard demands; we use SHA1

Diffie-Hellman paramater generation:
	It is not necessary that the generator of the entire
		multiplicative group; it need only generate
		a subgroup of about half the space.  This fact
		can be taken advantage of to make things faster,
		but we don't do that yet, so groupgen is even slower.
