Re: applying AES-GCM to secure shell: proposed "tweak"

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: applying AES-GCM to secure shell: proposed "tweak"
From: der Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Thu, 9 Apr 2009 12:22:22 -0400 (EDT)

>> * except that it won't - OpenSSH just had to switch off a few
>> channel and global extensions for all but other OpenSSH peers
>> because some other implementations will disconnect as soon as they
>> see an extension message that they do not recognise.

> This is really unfortunate, given that RFC4253 is quite clear on how
> unrecognized extensions must be handled.  I would propose that we
> solve this problem once and for all by using a _single_ "magic"
> cipher name, or possibly a magic cookie in the version banner
> comments, to indicate that unrecognized messages are handled
> correctly and/or that option negotiation is supported.

That's a good one, right up there with RFC 3514.

(For those who don't get Jeff's humour: what's to prevent buggy
implementations of the "yes I get this right" claim?)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

References:
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Peter Gutmann
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Damien Miller
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Jeffrey Hutzelman

Prev by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Previous by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Indexes:

Home | Main Index | Thread Index | Old Index