Re: applying AES-GCM to secure shell: proposed "tweak"

To: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: applying AES-GCM to secure shell: proposed "tweak"
From: Joseph Galbraith <galb-list%vandyke.com@localhost>
Date: Thu, 09 Apr 2009 13:49:24 -0600

Peter Gutmann wrote:

Nicolas Williams <Nicolas.Williams%sun.com@localhost> writes:

Er, actually, I'm not sure.  It depends on what implementations do with it
now when it's not set to 0.  Hmmm, what does the spec say to do about that
field?  Sadly: nothing, at least not in section 7.1.

Well if it's RFU then it's implied that you ignore it, which has been thepractice for RFU fields since at least the 1970s (in things like status flagsregisters), and probably even earlier but I wasn't playing with computerhardware back then.


How about a quick straw poll, since we've probably got a good number of
implemeters here.  If your implementation sees a non-zero value in the RFU
field, will it:

  1. Ignore it and continue, since it's RFU.
  2. Run Nethack, and failing that, emacs in Towers-of-Hanoi mode.
  3. Reformat the hard drive.
  4. ???
  5. Profit.

Last time we discussed this (extending the transport layer)
I'm pretty sure we had one implementor claiming that for
'paranoia', they were checking that the value was zero.

Can't remember who though.

Thanks,

Joseph

References:
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Peter Gutmann

Prev by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Previous by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Indexes:

Home | Main Index | Thread Index | Old Index