IETF-SSH archive


Re: Core draft last call update.



Markus Friedl wrote:
>My point is that for CTR there is no common format (e.g.
>how is the counter encoded, etc) whereas a spec for OFB mode
>is simpler.

That's easily fixed, and I'd gladly volunteer to help.  Is this
really the only barrier to getting a fix in place?

>On Mon, Mar 11, 2002 at 09:22:05AM +0000, David Wagner wrote:
>> P.S. I assumed that if there is a known security weakness, it would be
>> disclosed in the RFC, so I'm surprised that you consider it a bad thing to
>> have a paragraph describing the weakness.
>
>I think it's bad to have such a paragraph without offering
>alternative cipher modes.

I admit I don't understand.  I come from a philosophy that says
you disclose what you know about the security properties of the
protocol, both positive and negative: truth in advertising.  If
the decision is that fixing this weakness is too costly at present,
that's one thing; avoiding all mention of it is another.  What's
gained by hiding the facts from implementors and readers of the RFC?
Can you help me understand the rationale behind such a stance?


