Re: applying AES-GCM to secure shell: proposed "tweak"

To: der Mouse <mouse%Rodents-Montreal.ORG@localhost>
Subject: Re: applying AES-GCM to secure shell: proposed "tweak"
From: Damien Miller <djm%mindrot.org@localhost>
Date: Thu, 9 Apr 2009 16:50:50 +1000 (EST)

On Wed, 8 Apr 2009, der Mouse wrote:

> I would suggest creating new packet type for negotiating options like
> this.  As a strawman:
> 
>       byte         SSH_MSG_OPTION (value = 7)
>       string       option name
>       ...          option-specific data

I think any option that changes the binary packet format would need
to be included in the kex hash to prevent downgrade/upgrade attacks.
This is somewhat annoying implementation-wise if it is a separate packet.

-d

Follow-Ups:
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Nicolas Williams
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Peter Gutmann

References:
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Peter Gutmann
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: der Mouse

Prev by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Previous by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Indexes:

Home | Main Index | Thread Index | Old Index