IETF-SSH archive


Re: Start of WG Last Call on: draft-ietf-secsh-newmodes-03.txt



In article <1111616668.16353.77.camel@thunk> you write:
>> 	Title		: SSH Transport Layer Encryption Modes
>> 	Author(s)	: M. Bellare, et al.
>> 	Filename	: draft-ietf-secsh-newmodes-03.txt
>> 	Pages		: 12
>> 	Date		: 2005-3-23
>	
>I am starting an official WG Last Call on this document, for publication
>as a Proposed Standard.  This last call period expires on April 6th,
>2005.
>
>This is an important draft; please read it carefully.
>
>During this Last Call period, comments supporting publication are
>encouraged as are comments pointing out problems or suggesting changes
>to the spec. 

The semantics of the specification seem fine to me, but there are a few
nits:

The abstract and the introduction state that the security problems with CBC
modes were identified "recently".  I'd suggest dropping the word "recently"
in both cases since it's over two years ago now.

The abstract mentions [ACM CCS 2002], which doesn't appear in the
references.

In section 3, "Section 7" should read "Section 9".  In section 4, "Section
4.3" should read "Section 6.3", and "Section 5.2" should read "Section 7.2".

"vice versa" is mis-spelt as "visa-versa" in sections 3 and 6.1.

There should perhaps be an explicit note in section 4 that blowfish-ctr uses
a different key size from blowfish-cbc.

In the paragraph describing blowfish-ctr, "256 bit" should read "256-bit".

The reference for triple-DES in section 4 should be changed from [SCHNEIER]
to FIPS PUB 46-3.

The sentence "IDEA is patented by Ascom AG" should be removed.

The key size of cast128-ctr should be specified.

In section 6.2, the phrase "Although there may be networks savings for
padding to only 8-bytes" should read "Although there may be network savings
from padding to only 8 bytes".

The reference for [AES] should be to FIPS PUB 197 rather than to the
Rijndael submission.

References [BN] and [KRAWCZYK] are never used.

>Reports of successful implementation of this draft are encouraged.

I've written a client implementation of aes128-ctr, aes192-ctr, aes256-ctr,
3des-ctr, and blowfish-ctr for PuTTY, and tested the first three against
OpenSSH 3.9p1.  I haven't yet found a server implementation of 3des-ctr or
blowfish-ctr to test against (though I haven't looked hard).

-- 
Ben Harris
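The interoperability report above concerns the counter-mode ciphers this draft defines. As an added illustration (not PuTTY's or OpenSSH's code, and not text from the draft itself), here is the CTR construction as published in RFC 4344, which this draft became: the keystream block is E_k(counter), the counter starts at the IV from key exchange and is incremented as a single big-endian integer across the whole block. The key and IV are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// incrementCounter adds one to the whole block read as a big-endian unsigned
// integer, modulo 2^L (L = block size in bits), carrying across every byte.
// Incrementing only the low 32 or 64 bits would diverge at the first carry.
func incrementCounter(ctr []byte) {
	for i := len(ctr) - 1; i >= 0; i-- {
		ctr[i]++
		if ctr[i] != 0 {
			return
		}
	}
}

// sshCTR applies the draft's counter mode: keystream = E_k(counter), counter
// incremented after each block. Encryption and decryption are the same
// operation. Only whole blocks are accepted, since SSH packets are padded to
// a multiple of the block size; the IV is copied so the caller's copy is kept.
func sshCTR(block cipher.Block, iv, data []byte) ([]byte, error) {
	bs := block.BlockSize()
	if len(iv) != bs || len(data)%bs != 0 {
		return nil, fmt.Errorf("iv must be %d bytes and data a multiple of %d bytes", bs, bs)
	}
	ctr := append([]byte(nil), iv...)
	keystream := make([]byte, bs)
	out := make([]byte, len(data))
	for off := 0; off < len(data); off += bs {
		block.Encrypt(keystream, ctr)
		for i := 0; i < bs; i++ {
			out[off+i] = data[off+i] ^ keystream[i]
		}
		incrementCounter(ctr)
	}
	return out, nil
}

func main() {
	// Constructed sample: 16-byte key (aes128-ctr), IV chosen so the first increment carries across every byte.
	key := []byte("0123456789abcdef")
	iv := []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
	block, _ := aes.NewCipher(key)
	ct, _ := sshCTR(block, iv, []byte("sixteen byte blksixteen byte blk"))
	fmt.Printf("%x\n", ct)
}
```

The hand-written loop is checked against Go's crypto/cipher CTR, which uses the same full-block counter rule, so the two must produce identical keystreams even across the wrap.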
