IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Authenticated cipher modes
Simon Tatham <anakin%pobox.com@localhost> writes:
> Bill Sommerfeld <sommerfeld%sun.com@localhost> wrote:
> > how about listing the combined mode cipher in both the "cipher" and the
> > "mac" lists? that avoids the unambiguity problem -- if you know what it
> > is, you'll know to accept it on an all-or-none basis; if you don't know
> > what it is, you'll reject both instances of it.
>
> I think the problem is that this is inconsistent with the algorithm
> mandated by the transport protocol for choosing ciphers and MACs:
> `if the normal cipher and MAC selection selects Helix as only one of
> or MAC for a particular direction, then Helix must be used as both
> cipher and MAC for that direction, superseding whatever the normal
> selection algorithm chose for the other slot'
I think one could define the procedure as follows:
If helix is selected as the cipher to use by the ordinary selection
mechanism, *and helix is present* on both parties' lists of
authentication methods, then helix must be used for authentication,
bypassing the usual selection rules for the authentication method.
In effect, it says that implementations supporting helix should do the
cipher selection before the authentication selection.
This doesn't conflict too badly with current procedures. However, it
still shouldn't be done lightly, because it *will* conflict when
somebody proposes the analogous change with a reverse dependency
If foo is selected as the authentication method, and foo is present
on the cipher list of both parties, then foo must be used also for
encryption.
An alternative of a slightly different flavour, but which still
introduces a dependency between cipher selection and authentication
selection, is the following rule:
If all occurances of helix on the authentication lists must be
ignored unless helix is also used for the cipher for the
corresponding data stream.
Both these alternatives make it possible to use helix + a different
mac.
Regards,
/Niels
Home |
Main Index |
Thread Index |
Old Index