Re: Ben Harris's individual submissions: arcfour-fixes and rsa-kex

To: ietf-ssh%netbsd.org@localhost
Subject: Re: Ben Harris's individual submissions: arcfour-fixes and rsa-kex
From: Ben Harris <bjh21%bjh21.me.uk@localhost>
Date: Thu, 31 Mar 2005 00:09:17 +0100

In article <1112213215.20951.264.camel@thunk> you write:
>I don't believe either of these is in conflict with existing work in the
>WG; the path of least resistance may be for Ben to submit these as
>individual submissions to the IESG.

I'm happy to do that if there's no interest in turning them into WG drafts. 
I'd kind of like to know whether anyone thinks they're worthwhile at all,
though.

>rsa-kex is a weaker kex (as it allows the client to completely determine
>the session key);

I'm not convinced that this is a problem, since K gets hashed with
server-supplied data at least once before it's used, so unless the client
can break the hash function they can't usefully determine the exchange hash
or session keys.  If someone can explain why there's a problem here, I may
be able to work out a way around it.

Of course, being weaker isn't the point of rsa-kex; using much less CPU time
on the client side is.

-- 
Ben Harris

References:
- Ben Harris's individual submissions: arcfour-fixes and rsa-kex
  - From: Bill Sommerfeld

Prev by Date: draft-ietf-secsh-auth-kbdinteract-07 approved for publication..
Next by Date: Protocol Action: 'Generic Message Exchange Authentication For SSH' to Proposed Standard
Previous by Thread: Ben Harris's individual submissions: arcfour-fixes and rsa-kex
Next by Thread: Re: Ben Harris's individual submissions: arcfour-fixes and rsa-kex
Indexes:

Home | Main Index | Thread Index | Old Index