Re: applying AES-GCM to secure shell: proposed "tweak"

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: applying AES-GCM to secure shell: proposed "tweak"
From: der Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Wed, 8 Apr 2009 16:30:21 -0400 (EDT)

> I am concerned about the implications of an encryption algorithm spec
> changing parts of the base protocol.

I'm not sure that's really what's going on here.  I really need to find
the time to go read the spec, but from what I've gathered from the
list, this could, as far as the core protocol is concerned, be seen as
an encryption algorithm that happens to produce ciphertext identical to
the plaintext for certain parts of the data stream.

Does that weaken the security assurances provided by the protocol?  I
don't know.  My feeling is that it doesn't, but there's lots of
counterintuitive stuff running around crypto, and I'd need to think
about it a lot more to have any degree of confidence that's right.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Jeffrey Hutzelman

References:
- applying AES-GCM to secure shell: proposed "tweak"
  - From: Tim Polk
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Jeffrey Hutzelman

Prev by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Previous by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Indexes:

Home | Main Index | Thread Index | Old Index