IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Authenticated cipher modes



Henrick Hellström wrote:

2. The processing rules of section 6.4 "Data integrity" of SSH-TRANS MUST be integrated into the encryption processing, if e.g. Helix encryption is selected. That is, the message counter should be processed by the encryption as unencrypted header data, in accordance with the Helix specification. (One should note that CCM mode is less of an issue in this respect, since an implicit message counter is part of the mode itself. Selecting CCM mode and the "none" data integrity algorithm would result in the desired state.)

The problem with this arrangement is preventing the null MAC from being
inadvertantly selected with cipher modes that don't provide integrity.

Perhaps these modes need a modified key-exchange to negotiate them?

-d




Home | Main Index | Thread Index | Old Index