IETF-SSH archive
Re: Core draft last call update.
Markus Friedl wrote:
>As to CTR: AFAIK in CTR mode the handling, formatting of the counter
>needs some work before we can agree, e.g. the proposal for aes128-ctr in
>IPsec makes size(ciphertext) != size(plaintext), so CTR should not be
>added now, because it will delay the process significantly.
>
>So, if we would need a spec for OFB/CFB (with cipher block-sized
>feedback) soon.

Hmm. I must admit I'm a little confused: what are the reasons to
prefer OFB mode over CTR mode? Are there some security reasons? Is it
something else? I don't see anything terribly wrong with OFB mode,
but I'd like to understand why it is preferred over CTR mode.

I'm also confused on why it's a problem that IPSec uses a form of CTR
mode not so well suited for SSH. Or is it better not to ask?

P.S. I assumed that if there is a known security weakness, it would be
disclosed in the RFC, so I'm surprised that you consider it a bad thing to
have a paragraph describing the weakness. Were you proposing that mention
of this risk should be omitted from the RFC? That seems dangerous.