Re: Pulling it all together - New Section 11 on Security Considerations

[Chris Lonvick <clonvick%cisco.com@localhost>]

Hi,

Nominal nits nuked.
  http://www.employees.org/~lonvick/newssh10.html
The only signigicant chances were in Section 11.3.2 Debug messages.
Please look that over and provide comments.


I've found the following references to the "Rogaway attack".

[Rogaway] P. Rogaway, "Problems with Proposed IP Cryptography, 1995.
          Unpublished paper available at http://www.cs.ucdavis.edu/
          ~rogaway/papers/draft-rogaway-ipsec-comments-00.txt

[Dai]  W. Dai, "an attack against SSH2 protocol", Email to the SecSH
       Working Group ietf-ssh%netbsd.org@localhost, Feb. 2002, available at
       ftp://ftp.ietf.org/ietf-mail-archive/secsh/2002-02.mail

[BELLARE,KOHNO,NAMPREMPRE]  "Authenticated Encryption in SSH: Fixing the
    SSH Binary Packet Protocol", Proceedings of the 9th ACM Conference on
    Computer and Communications Security, M. Bellaire, T. Kohno, C.
    Namprempre, Sept. 2002

For the last one, the paper is online at
  http://www.cs.ucsd.edu/users/tkohno/papers/SSH/

The first two are ephemeral so I'm not sure if they're appropriate for
inclusion in a Standards Track RFC.  On the other hand, I think it
appropriate to give credit where it is deserved and it looks like Dr.
Phillip Rogaway was the first person to discuss this.   Wei Dai discussed
it in the mailing list and showed its applicability to SSH.  The third
reference also gives credible analysis of the attack in Section 3 and also
references the prior discussions of Rogaway and Dai.

Are there any objections to including all three references?

Are there any other references to this that should be included?

Thanks,
Chris


On Thu, 5 Jun 2003, Russ Housley wrote:

> Chris:
>
> A few nit picky notes below.