IETF-SSH archive


Re: [ietf-tls] Re: an attack against SSH2 protocol



Thus spake Wei Dai:
> I'll note that using CTR mode is more efficient than either of these
> suggestions. It doesn't require unpredictable IVs.
...
> Good point. If we want to fix SSH by using a per-packet unpredictable IV,
> the IV would have to be added to the list of MAC inputs. I think that
> would prevent the attack in appendix C.

So is the correct approach to fix the CBC implementation, or to switch
to a mode that is less prone to misuse?

> I'm not very familiar with how IETF working groups work, so what's the
> next step here?

Someone writes an internet-draft (i.e. RFC format) describing the
change.

S

-- 
Stephen Sprunk          "So long as they don't get violent, I want to
CCIE #3723         let everyone say what they wish, for I myself have
K5SSS        always said exactly what pleased me."  --Albert Einstein
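The thread above contrasts two fixes for CBC in SSH2 (a per-packet unpredictable IV that is also MACed, versus switching to CTR). The following is an added illustration of why the chained IV is the problem, written for this archive page; it is not code from the thread, from Wei Dai's note, or from any SSH implementation. It models the SSH2 behaviour where the IV for packet n+1 is the last ciphertext block of packet n, gives the attacker the chosen-plaintext access the attack needs (assumed here to be a channel such as a forwarded TCP connection whose bytes the victim encrypts), and shows that a guess for an earlier plaintext block can be confirmed by submitting one crafted block, while the same probe learns nothing against CTR. The block cipher is a stdlib-only Feistel permutation standing in for AES (the attack does not depend on the cipher), and the key, IV and secret block are constructed values.

```python
"""Chained-IV CBC (SSH2 style) guess-verification attack, and why CTR avoids it.

Added example for this archive page; not from the original thread or any SSH code.
"""
import hashlib
import hmac

BLOCK = 16  # block size in bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function for the Feistel stand-in cipher (HMAC-SHA256, truncated).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel permutation on 16-byte blocks: a stdlib-only stand-in for a real
    # block cipher such as AES. Only "CBC with chained IVs" matters for the attack.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _round_fn(key, rnd, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round_fn(key, rnd, l)), l
    return l + r


class ChainedCbcSender:
    """CBC as SSH2 used it: the IV of packet n+1 is the last ciphertext block of packet n."""

    def __init__(self, key: bytes, iv: bytes):
        self.key = key
        self.iv = iv  # after the first packet this value has been seen on the wire

    def encrypt_packet(self, plaintext: bytes) -> bytes:
        assert len(plaintext) % BLOCK == 0, "caller pads to the block size"
        prev, out = self.iv, []
        for i in range(0, len(plaintext), BLOCK):
            prev = block_encrypt(self.key, _xor(plaintext[i:i + BLOCK], prev))
            out.append(prev)
        self.iv = prev  # chaining: the next IV is predictable by anyone who saw this packet
        return b"".join(out)


class CtrSender:
    """CTR mode with a per-session counter that runs across packets; no IV chaining."""

    def __init__(self, key: bytes, nonce: bytes):
        self.key = key
        self.counter = int.from_bytes(nonce, "big")

    def encrypt_packet(self, plaintext: bytes) -> bytes:
        assert len(plaintext) % BLOCK == 0
        out = []
        for i in range(0, len(plaintext), BLOCK):
            keystream = block_encrypt(self.key, self.counter.to_bytes(BLOCK, "big"))
            self.counter = (self.counter + 1) % (1 << (8 * BLOCK))
            out.append(_xor(plaintext[i:i + BLOCK], keystream))  # plaintext never enters E()
        return b"".join(out)


class ChainedIvAttacker:
    """Passive observer of one packet, plus chosen-plaintext access through `sender`.

    In chained-IV CBC, C_j = E(P_j xor C_{j-1}) with C_{-1} = iv_before, and the next
    packet's IV is the last ciphertext block on the wire. Submitting
    P' = guess xor C_{j-1} xor IV_next makes the sender compute E(guess xor C_{j-1}),
    which equals C_j exactly when guess == P_j. The oracle access is the assumption.
    """

    def __init__(self, iv_before: bytes, observed_ct: bytes):
        self.blocks = [observed_ct[i:i + BLOCK] for i in range(0, len(observed_ct), BLOCK)]
        self.iv_before = iv_before
        self.wire_iv = self.blocks[-1]  # last ciphertext block seen = next packet's IV

    def verify_guess(self, sender, j: int, guess: bytes) -> bool:
        c_prev = self.iv_before if j == 0 else self.blocks[j - 1]
        probe = _xor(_xor(guess, c_prev), self.wire_iv)
        response = sender.encrypt_packet(probe)
        self.wire_iv = response[-BLOCK:]  # keep tracking the chain for further probes
        return response == self.blocks[j]


def run_demo(mode: str) -> tuple:
    """Returns (correct_guess_confirmed, wrong_guess_confirmed) for 'cbc' or 'ctr'."""
    key = hashlib.sha256(b"constructed demo key").digest()       # constructed, not a session key
    iv0 = hashlib.sha256(b"constructed initial iv").digest()[:BLOCK]
    secret = b"password:hunter2"                                  # constructed 16-byte secret block
    packet = b"user@example.com" + secret                         # P_0 public, P_1 secret
    sender = {"cbc": ChainedCbcSender, "ctr": CtrSender}[mode](key, iv0)
    observed = sender.encrypt_packet(packet)                      # attacker sees this on the wire
    attacker = ChainedIvAttacker(iv0, observed)
    right = attacker.verify_guess(sender, 1, secret)
    wrong = attacker.verify_guess(sender, 1, b"password:letmein")
    return right, wrong


if __name__ == "__main__":
    print("chained-IV CBC:", run_demo("cbc"))  # (True, False): the guess is confirmed
    print("CTR:", run_demo("ctr"))             # (False, False): the probe reveals nothing
```

The CBC case confirms the correct guess with a single chosen block because the attacker controls the block-cipher input (plaintext xor a known IV). Under CTR the chosen plaintext is only xored with keystream that depends on the counter, so the attacker cannot steer what the block cipher encrypts and the comparison carries no information; that is the sense in which CTR needs no unpredictable IV, as the quoted remark says. A per-packet unpredictable IV repairs CBC only if the attacker cannot learn the IV before choosing the probe, which is why it then also has to be covered by the MAC.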


