Re: a more detailed analysis of "known IV" vulnerability.

To: RJ Atkinson <rja%extremenetworks.com@localhost>
Subject: Re: a more detailed analysis of "known IV" vulnerability.
From: Damien Miller <djm%mindrot.org@localhost>
Date: Sun, 17 Mar 2002 21:27:24 +1100 (EST)

On Sat, 16 Mar 2002, RJ Atkinson wrote:

> > I believe this rationale should be carefully explained in the SSH RFC.
> > Otherwise, some readers might get the wrong impression.  Also, it will
> > help inform those who might re-use the SSH encoding transform without
> > also maintaining the upper layers that they are in a danger zone.
> 
> I'm not sure whether the detailed analysis really belongs in the
> core SSH RFCs.  Documenting in some RFC, possibly a parallel RFC
> with Informational status, seems eminently reasonable.

Can we put some text in the "security considerations" referring someone
to a published document without delaying the drafts?

-d

References:
- Re: a more detailed analysis of "known IV" vulnerability.
  - From: RJ Atkinson

Prev by Date: Re: a more detailed analysis of "known IV" vulnerability.
Next by Date: Re: a more detailed analysis of "known IV" vulnerability.
Previous by Thread: Re: a more detailed analysis of "known IV" vulnerability.
Next by Thread: Re: a more detailed analysis of "known IV" vulnerability.
Indexes:

Home | Main Index | Thread Index | Old Index