IETF-SSH archive


Re: latest drafts



der Mouse <mouse%Rodents.Montreal.QC.CA@localhost> writes:

> architecture-22 9.3.5 says that publickey makes no server security
> assumptions.  But this is not quite true; a compromised server may be
> able to use a publickey authentication attempt to play MitM to
> authenticate to another host as if it held a public key it does not in
> fact hold.  I'm not sure how feasible this is, because public-key
> signatures are over data blobs including session-specific portions, but
> it's certainly not obvious to me that it's impossible.

I agree it would be desirable to clarify this, as it's not crystal
clear what the MitM can do and can't do in the scenario with no host
authentication, and publickey userauth.

> Various specifications in transport-24 break rather badly if the cipher
> in use has a block size that is less than 8 bytes but which does not
> divide evenly into 8 bytes.

I think this is a non-issue. There's no existing block cipher in wide
use that has a block size that isn't a power of two, as far as I'm
aware. And block ciphers that are adopted in the future ought to have
a block size no smaller than 8 bytes, for the same reasons that AES
uses a larger block size.

Regards,
/Niels
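The session binding that constrains the relay scenario der Mouse raises, as an added example (not code from the thread or from any SSH implementation): the publickey userauth blob of RFC 4252 §7 begins with the session identifier, so a signature produced in the client's own session fails verification when forwarded into a second, separately keyed session with the real host. User name, service name and session ID values are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// sshString encodes an SSH "string": uint32 big-endian length, then the bytes (RFC 4251 §5).
func sshString(b []byte) []byte {
	return append([]byte{byte(len(b) >> 24), byte(len(b) >> 16), byte(len(b) >> 8), byte(len(b))}, b...)
}

// userauthSignedData is the blob a client signs for publickey userauth (RFC 4252 §7); the session
// identifier leads it, so the signature is bound to this connection's own key exchange.
func userauthSignedData(sessionID []byte, user, service string, pub ed25519.PublicKey) []byte {
	var buf bytes.Buffer
	buf.Write(sshString(sessionID))
	buf.WriteByte(50) // SSH_MSG_USERAUTH_REQUEST
	buf.Write(sshString([]byte(user)))
	buf.Write(sshString([]byte(service)))
	buf.Write(sshString([]byte("publickey")))
	buf.WriteByte(1) // boolean TRUE: a signature follows
	buf.Write(sshString([]byte("ssh-ed25519")))
	buf.Write(sshString(append(sshString([]byte("ssh-ed25519")), sshString(pub)...))) // key blob
	return buf.Bytes()
}

// verifyUserauth is the server-side check: rebuild the blob under the server's own session ID.
func verifyUserauth(pub ed25519.PublicKey, sessionID []byte, user, service string, sig []byte) bool {
	return ed25519.Verify(pub, userauthSignedData(sessionID, user, service, pub), sig)
}

// RelayedSignatureVerifies models the thread's scenario: the client signs in its session with an
// interposed endpoint (ID A); that endpoint forwards the signature into its separately keyed
// session with the real host (ID B). Both session IDs are constructed sample values.
func RelayedSignatureVerifies() (legit, relayed bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sessionA, sessionB := []byte("constructed-session-id-A"), []byte("constructed-session-id-B")
	sig := ed25519.Sign(priv, userauthSignedData(sessionA, "alice", "ssh-connection", pub))
	legit = verifyUserauth(pub, sessionA, "alice", "ssh-connection", sig)
	relayed = verifyUserauth(pub, sessionB, "alice", "ssh-connection", sig)
	return legit, relayed
}

func main() {
	legit, relayed := RelayedSignatureVerifies()
	fmt.Printf("accepted in own session: %v; accepted when relayed: %v\n", legit, relayed)
}
```

In a real connection each session identifier is the exchange hash H of that connection's own key exchange, so the two values differ whenever the interposed endpoint runs its own exchange with the host.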


