Re: Authenticated cipher modes

To: Henrick Hellström <henrick%streamsec.se@localhost>, ietf-ssh%NetBSD.org@localhost
Subject: Re: Authenticated cipher modes
From: Damien Miller <djm%mindrot.org@localhost>
Date: Mon, 18 Apr 2005 19:39:01 +1000

Henrick Hellström wrote:

2. The processing rules of section 6.4 "Data integrity" of SSH-TRANSMUST be integrated into the encryption processing, if e.g. Helixencryption is selected. That is, the message counter should be processedby the encryption as unencrypted header data, in accordance with theHelix specification. (One should note that CCM mode is less of an issuein this respect, since an implicit message counter is part of the modeitself. Selecting CCM mode and the "none" data integrity algorithm wouldresult in the desired state.)


The problem with this arrangement is preventing the null MAC from being
inadvertantly selected with cipher modes that don't provide integrity.

Perhaps these modes need a modified key-exchange to negotiate them?

-d

References:
- Authenticated cipher modes
  - From: Henrick Hellström

Prev by Date: Re: Authenticated cipher modes
Next by Date: Re: Authenticated cipher modes
Previous by Thread: Re: Authenticated cipher modes
Next by Thread: Re: Authenticated cipher modes
Indexes:

Home | Main Index | Thread Index | Old Index