Re: applying AES-GCM to secure shell: proposed "tweak"

To: Nicolas Williams <Nicolas.Williams%sun.com@localhost>, Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: applying AES-GCM to secure shell: proposed "tweak"
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Thu, 09 Apr 2009 09:12:09 -0400

--On Wednesday, April 08, 2009 10:57:49 PM -0500 Nicolas Williams<Nicolas.Williams%sun.com@localhost> wrote:

On Thu, Apr 09, 2009 at 03:51:35PM +1200, Peter Gutmann wrote:

Nicolas Williams <Nicolas.Williams%sun.com@localhost> writes:

> [So far the only extensibility mechanisms that we have at that point
> in the protocol are: new protocol version number (not going to happen)
> and magic algorithm names (which have been used successfully).]

... and the completely unused 32-bit flags field in the first message,
which I mentioned previously :-).


This:

      uint32       0 (reserved for future extension)

?

Yes, that could be used too.

I admit we haven't left ourself much room for pre-keyex negotiation, butthere is some. In addition to the bits already mentioned, we can use magictoken in the "comments" field of the version banner, and there are alsoseveral unused messages in both the transport-generic andalgorithm-negotiation layers, which implementations are REQUIRED to ignoreexcept for sending an SSH_MSG_UNIMPLEMENTED (see RFC4253 11.4)


-- Jeff

References:
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Nicolas Williams
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Peter Gutmann
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Nicolas Williams

Prev by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Previous by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Indexes:

Home | Main Index | Thread Index | Old Index