IETF-SSH archive
Re: applying AES-GCM to secure shell: proposed "tweak"
On Wed, Apr 08, 2009 at 01:22:35PM -0400, Jeffrey Hutzelman wrote:
> I am concerned about the implications of an encryption algorithm spec
> changing parts of the base protocol. The protocol is designed such that
> there is an abstraction between the transport protocol and the individual
> compression, encryption, integrity, key exchange, and public key
> algorithms. You propose introducing an encryption algorithm which requires
> that the transport protocol itself behave differently when that algorithm
> is in use, not only in not encrypting the length, but in changing the
> generation of padding on outgoing messages.

What would the negotiation look like? Would it apply to existing
ciphers as well?

[So far the only extensibility mechanisms that we have at that point in
the protocol are: new protocol version number (not going to happen) and
magic algorithm names (which have been used successfully).]

Nico