IETF-SSH archive


Re: Core draft last call update.



On Sun, Mar 10, 2002 at 09:38:49PM -0800, Wei Dai wrote:
> Given that the problem was found in time, and that the fix is simple (I've
> already provided the suggested language), why not just agree to fix it
> now? I'm new to the IETF standardization process, but how much time could
> it possibly take to put in the fix? If CTR mode is too controversial
> (although I don't know why it would be and still haven't seen a
> substantial argument against it) I would be willing to compromise by using
> OFB or CFB mode instead. 

Personally I think it would be better to add OFB and/or CFB modes than
to scare people in the draft by saying: "we use CBC but CBC can be
broken easily" (this is how people will read it).

As to CTR: AFAIK, in CTR mode the handling and formatting of the counter
need some work before we can agree, e.g. the proposal for aes128-ctr in
IPsec makes size(ciphertext) != size(plaintext), so CTR should not be
added now, because it will delay the process significantly.

So, we would need a spec for OFB/CFB (with cipher-block-sized
feedback) soon.

Having a paragraph about the dangers of CBC is a bad idea unless
we offer alternatives to CBC in the very same document.
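An added illustration, not part of the mail above and not code from any of the drafts it discusses: the three modes proposed as alternatives to CBC (OFB, full-block CFB, CTR), written over a stand-in for the block cipher's encryption direction, to show the property the mail turns on. With OFB, cipher-block-sized CFB, or CTR whose counter persists across packets, size(ciphertext) == size(plaintext) and no padding is needed; carrying the IV/counter inside every packet, as the IPsec-style aes128-ctr proposal is described as doing, adds a block per packet. Assumptions, all mine: the block cipher is replaced by an HMAC-SHA256-based keyed PRF (these modes only ever call the forward direction, so a PRF is enough for the demo); the counter convention (128-bit big-endian, incremented mod 2^128, one counter value consumed per block) is one reasonable choice, not what the working group agreed; the explicit-IV packet layout is a simplified sketch, not the IPsec draft's exact format; keys, IVs and payloads are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # cipher block size in bytes (AES-sized)


def make_block_fn(key: bytes):
    """Return E(block) -> block, the block cipher's *encryption* direction.

    Assumption: a stand-in, not a real cipher. HMAC-SHA256 keyed with `key`,
    truncated to 16 bytes. CTR, OFB and full-block CFB only use the forward
    direction, so a keyed PRF suffices to demonstrate them; CBC decryption
    would need the inverse, which this stand-in does not have.
    """
    def E(block: bytes) -> bytes:
        if len(block) != BLOCK:
            raise ValueError("block must be %d bytes" % BLOCK)
        return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]
    return E


def xor(a: bytes, b: bytes) -> bytes:
    # zip() truncates to the shorter input, so a short final block just works.
    return bytes(x ^ y for x, y in zip(a, b))


class CtrState:
    """CTR mode with a counter that persists across packets.

    The IV is the initial 128-bit counter (big-endian integer), incremented
    mod 2**128 for every keystream block; a short final block still consumes
    one counter value and the unused keystream bytes are discarded. Because
    both sides keep the counter, no per-packet IV goes on the wire.
    """
    def __init__(self, E, iv: bytes):
        self.E = E
        self.ctr = int.from_bytes(iv, "big")

    def _next_block(self) -> bytes:
        ks = self.E(self.ctr.to_bytes(BLOCK, "big"))
        self.ctr = (self.ctr + 1) % (1 << (8 * BLOCK))
        return ks

    def crypt(self, data: bytes) -> bytes:
        # Encryption and decryption are the same operation.
        out = bytearray()
        for i in range(0, len(data), BLOCK):
            out += xor(data[i:i + BLOCK], self._next_block())
        return bytes(out)


def ctr_explicit_iv_packet(E, iv: bytes, data: bytes) -> bytes:
    """CTR with the IV carried in every packet (sketch of the explicit-IV
    design; the real IPsec layout is not reproduced). The per-packet cost is
    len(iv) extra bytes, hence size(ciphertext) != size(plaintext)."""
    return iv + CtrState(E, iv).crypt(data)


def ofb_crypt(E, iv: bytes, data: bytes) -> bytes:
    """OFB: the feedback register is re-encrypted each block. The keystream
    does not depend on the data, so encrypt == decrypt and no padding."""
    out, fb = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        fb = E(fb)
        out += xor(data[i:i + BLOCK], fb)
    return bytes(out)


def cfb_encrypt(E, iv: bytes, data: bytes) -> bytes:
    """CFB with cipher-block-sized feedback: each ciphertext block is the
    input to E for the next block. Output length equals input length."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        c = xor(data[i:i + BLOCK], E(prev))
        out += c
        prev = c  # a short final block is never fed back; nothing follows it
    return bytes(out)


def cfb_decrypt(E, iv: bytes, data: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out += xor(c, E(prev))
        prev = c
    return bytes(out)


def size_comparison(n: int) -> dict:
    """Wire size of an n-byte payload under each construction (constructed
    key, IV and payload)."""
    E = make_block_fn(b"k" * 16)
    iv = bytes(range(BLOCK))
    pt = bytes(i % 251 for i in range(n))
    return {
        "plaintext": n,
        "ctr_persistent": len(CtrState(E, iv).crypt(pt)),
        "ctr_explicit_iv": len(ctr_explicit_iv_packet(E, iv, pt)),
        "ofb": len(ofb_crypt(E, iv, pt)),
        "cfb": len(cfb_encrypt(E, iv, pt)),
        # CBC works on whole blocks only; the caller must pad up to this.
        "cbc_whole_blocks": -(-n // BLOCK) * BLOCK,
    }


if __name__ == "__main__":
    print(size_comparison(37))
```

The persistent-counter `CtrState` is the shape that avoids the size mismatch the mail objects to: both ends run one instance per direction and feed it packet after packet, so the counter "handling and formatting" question reduces to agreeing on the initial value, the increment rule and what happens to leftover keystream, which is exactly the part the mail says still needs work.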


