IETF-SSH archive
Re: IESG feedback on core drafts.
Some detailed comments,
"Joseph Galbraith" <galb-list%vandyke.com@localhost> writes:
> So long as the "none" cipher is not used, this protocol
> provides confidentiality. Older, smaller ciphers, such
Why do you say "smaller"? How is 3DES smaller than AES?
> as 3des and arcfour MAY be less secure from attack than
> ciphers such as AES. Implementors SHOULD prefer ciphers
> such as twofish, serpent, or AES over blowfish, 3des and
> arcfour.
Why would you recommend twofish and serpent over 3DES?
3DES has received vastly more analysis than either.
> Ciphers operating in CBC mode are theoretically
> vulnerable to chosen cipher-text attacks because of
> the high predictability of the start of packet sequence.
> However, this attack is still relatively hard enough, and
> requires a sufficiently high number of packets, to be safe
> in the short term. Ciphers with larger block sizes are
> less vulnerable than ciphers with smaller block sizes.
> [Is this true?]
What attack are you talking about here? The Rogaway attack?
Perhaps you need a citation and some explanation?
> Effort is underway to standardize the use of CTR mode
> ciphers in the SSH protocol. When this work is completed,
> implementors SHOULD support it.
>
> In addition, the CBC mode attack can be mitigated by
> ensuring that an SSH_MSG_IGNORE packet precedes any real
> data at the start of a TCP packet.
A TCP packet? How is the TCP mapping relevant?
> Because MACs use a 32 bit sequence number, they may
> start to leak information after 2**32 packets have
> been sent.
You should be specific here about how they leak data.
> 11.1.3 Replay
>
> This protocol binds each session key to the session
> by including random data that is specific to the
> session in the hash used to produce session keys.
>
> This session id is used by higher level protocols
> to prevent replay of packets form previous sessions.
^^^^
from.
> In addition, the use of cipher chaining prevents
> replay of packets within the session. Cipher chaining
> also prevents the insertion or deletion of packets.
I'm not sure this is true if the MAC is disabled.
> 11.3.2 Proxy forwarding
>
> The ssh connection protocol allows proxy forwarding
> of other protocols. The proxy forwarding functionality
> can be used to circumvent firewall protections. Implementors
> SHOULD provide a mechanism to disable to administratively
> control the proxy forwarding functionality.
This sentence is ungrammatical.
-Ekr
--
[Eric Rescorla ekr%rtfm.com@localhost]
http://www.rtfm.com/
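The three transport-layer points raised above (the 32-bit MAC sequence number wrapping after 2**32 packets, the predictability of the next CBC IV under SSH's packet chaining, and the SSH_MSG_IGNORE / CTR-mode mitigations) can be made concrete in a few dozen lines. The following is an added, stand-alone example written for this archive page; it is not code from the thread, the drafts, or any SSH implementation. It uses a constructed keyed hash as a stand-in for a block cipher's encryption direction (so it shows the chaining structure only, and is not a real cipher), and the MAC input is simplified to sequence_number || packet as described in the transport draft.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 16
SSH_MSG_IGNORE = 2  # transport-layer message number for SSH_MSG_IGNORE


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the encryption direction of a 128-bit block cipher.
    Constructed for this example: a keyed hash truncated to one block. It is
    not invertible and not a cipher; it only lets us watch how modes chain."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ssh_mac(mac_key: bytes, seqno: int, packet: bytes) -> bytes:
    """Simplified SSH MAC: HMAC over the implicit uint32 sequence number
    followed by the unencrypted packet. The counter is a uint32, so it
    wraps to zero after 2**32 packets."""
    return hmac.new(mac_key, struct.pack(">I", seqno & 0xFFFFFFFF) + packet,
                    hashlib.sha1).digest()


def sequence_number_wraps() -> bool:
    """Packet 0 and packet 2**32 produce identical MAC input (and MAC)."""
    key, packet = b"\x0b" * 20, b"\x00" * 32
    return ssh_mac(key, 0, packet) == ssh_mac(key, 2**32, packet)


class CBCChain:
    """SSH-style CBC: the IV for packet n+1 is the last ciphertext block of
    packet n, i.e. a value already visible on the wire."""
    def __init__(self, key: bytes, iv: bytes):
        self.key, self.iv = key, iv

    def encrypt_packet(self, plaintext: bytes) -> bytes:
        assert len(plaintext) % BLOCK == 0
        out, prev = b"", self.iv
        for i in range(0, len(plaintext), BLOCK):
            prev = toy_block_encrypt(self.key, xor(plaintext[i:i + BLOCK], prev))
            out += prev
        self.iv = prev  # chaining state carried into the next packet
        return out


def cbc_next_iv_is_predictable() -> bool:
    """An observer of packet n already knows the IV that packet n+1 will use."""
    chain = CBCChain(key=b"\x01" * 16, iv=os.urandom(BLOCK))
    wire = chain.encrypt_packet(b"A" * 32)
    predicted_next_iv = wire[-BLOCK:]
    return predicted_next_iv == chain.iv


def ignore_packet_hides_iv() -> bool:
    """Mitigation from the draft: emit an SSH_MSG_IGNORE carrying random bytes
    in the same write as the real data. The real data is then chained off a
    block the observer could not have predicted from earlier traffic."""
    chain = CBCChain(key=b"\x01" * 16, iv=os.urandom(BLOCK))
    wire = chain.encrypt_packet(b"A" * 32)
    predicted_next_iv = wire[-BLOCK:]
    ignore_payload = bytes([SSH_MSG_IGNORE]) + os.urandom(BLOCK - 1)
    chain.encrypt_packet(ignore_payload)          # goes first, same TCP write
    iv_actually_used_for_real_data = chain.iv
    return iv_actually_used_for_real_data != predicted_next_iv


def ctr_keystream(key: bytes, counter: int, nblocks: int) -> bytes:
    """CTR mode: keystream depends only on key and counter, never on ciphertext."""
    return b"".join(toy_block_encrypt(key, ((counter + i) % 2**128).to_bytes(16, "big"))
                    for i in range(nblocks))


def ctr_is_independent_of_ciphertext() -> bool:
    """Two sessions with the same key/counter but different first packets still
    derive the same keystream for their second packet: nothing feeds forward."""
    key, start = b"\x02" * 16, int.from_bytes(os.urandom(16), "big")
    first_a, first_b = b"A" * 32, b"B" * 32
    ct_a = xor(first_a, ctr_keystream(key, start, 2))
    ct_b = xor(first_b, ctr_keystream(key, start, 2))
    second_ks_a = ctr_keystream(key, start + 2, 2)  # counter advanced by 2 blocks
    second_ks_b = ctr_keystream(key, start + 2, 2)
    return ct_a != ct_b and second_ks_a == second_ks_b


if __name__ == "__main__":
    print("seqno wraps after 2**32:", sequence_number_wraps())
    print("CBC next IV predictable:", cbc_next_iv_is_predictable())
    print("IGNORE packet hides IV :", ignore_packet_hides_iv())
    print("CTR independent of ct  :", ctr_is_independent_of_ciphertext())
```

The wrap check answers the "how do they leak" question only to the extent the draft text supports: after 2**32 packets the MAC input for a packet is indistinguishable from that of the packet 2**32 earlier, so the MAC no longer binds position within the session. The CBC functions show why the chained IV is predictable and how a random-filled SSH_MSG_IGNORE sent in the same write breaks the prediction; the CTR function shows why the issue does not arise once nothing on the wire feeds into later keystream.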