IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Some questions about "SSH Transport Layer Encryption Modes"



These are more just ideas tossed out to see what thoughts people have on the
topic...

- I can't see any indication of how binding this is (or will be), is it
  experimental, informational, or standards-track?

- Section 3 talks about re-keying, but there seems to be some ambiguity in
  implementations about how to handle re-keying (specifically, what to do with
  data flows in progress when the re-key happens).  How viable is the re-
  keying approach really?

- From an implementation point of view, how practical is it to require the use
  of SDCTR mode?  It's not one of the big four (ECB/CBC/CFB/OFB), which makes
  it awkward to use with any standard crypto library or crypto hardware
  because it has to be manually synthesised from ECB.  Conversely, if people
  have to implement a nonstandard encryption mode anyway, what about just
  going the whole way and using some provable authenticate+encrypt
  combination?

Peter.



Home | Main Index | Thread Index | Old Index