IETF-SSH archive


Re: applying AES-GCM to secure shell: proposed "tweak"



On Thu, Apr 09, 2009 at 04:33:44PM +1000, Damien Miller wrote:
> On Thu, 9 Apr 2009, Peter Gutmann wrote:
> 
> > Nicolas Williams <Nicolas.Williams%sun.com@localhost> writes:
> > 
> > >[So far the only extensibility mechanisms that we have at that point in the
> > >protocol are: new protocol version number (not going to happen) and magic
> > >algorithm names (which have been used successfully).]
> > 
> > ... and the completely unused 32-bit flags field in the first message, which I
> > mentioned previously :-).
> 
> I think it would be much safer to define new cipher names for this.

I agree.  That or magic alg names (e.g.,
"all-ciphers-have-plaintext-packet-length").

The reserved uint32 will be, at the very least, difficult to use.
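To make the two mechanisms under discussion concrete, here is an added example (not code from this thread, from Sun, or from any SSH implementation) that builds and parses an SSH_MSG_KEXINIT payload in the layout of RFC 4253 section 7.1: ten name-lists, the boolean first_kex_packet_follows, and the trailing reserved uint32 that the RFC defines as 0. It shows how a "magic" name such as the one quoted above can be advertised in a name-list and detected by the peer, and how the reserved field can be read out. The negotiate() rule, which applies the RFC's "first client choice the server also supports" procedure while refusing ever to select a pure signalling name as the real algorithm, and the sample lists in demo() are this example's own assumptions, not something the post specifies.

```python
"""
Constructed example: SSH_MSG_KEXINIT (RFC 4253 section 7.1) built and parsed
so that a "magic" algorithm name can be signalled and detected.
Not code from the thread or from any SSH implementation.
"""
import os
import struct

SSH_MSG_KEXINIT = 20
# Signalling name quoted in the post; a peer must never pick it as a real kex.
MAGIC_NAME = "all-ciphers-have-plaintext-packet-length"

# The ten name-lists of KEXINIT, in wire order (RFC 4253 section 7.1).
NAME_LIST_FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)


def _name_list(names):
    """Encode an SSH name-list: uint32 length + comma-separated US-ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(lists, cookie=None, first_kex_packet_follows=False, reserved=0):
    """Serialise a KEXINIT payload from a dict keyed by NAME_LIST_FIELDS."""
    cookie = cookie if cookie is not None else os.urandom(16)
    if len(cookie) != 16:
        raise ValueError("cookie must be 16 bytes")
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in NAME_LIST_FIELDS:
        out += _name_list(lists.get(field, ()))
    out += bytes([1 if first_kex_packet_follows else 0])
    # RFC 4253: "uint32 0 (reserved for future extension)"; exposed here as a
    # parameter only so the field can be inspected on the parsing side.
    out += struct.pack(">I", reserved)
    return out


def parse_kexinit(payload):
    """Parse a KEXINIT payload into a dict; raises ValueError if malformed."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos = 17
    result = {"cookie": payload[1:17]}
    for field in NAME_LIST_FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        pos += n
        result[field] = raw.split(",") if raw else []
    if pos + 5 != len(payload):
        raise ValueError("bad trailer length")
    result["first_kex_packet_follows"] = bool(payload[pos])
    (result["reserved"],) = struct.unpack(">I", payload[pos + 1:pos + 5])
    return result


def peer_signals(parsed, name, field="kex_algorithms"):
    """True if the peer advertised the signalling name in the given name-list."""
    return name in parsed[field]


def negotiate(client_names, server_names, signalling=(MAGIC_NAME,)):
    """First client-preferred name the server also lists (RFC 4253 7.1 rule),
    skipping signalling names so a flag can never be chosen as an algorithm."""
    for name in client_names:
        if name in signalling:
            continue
        if name in server_names:
            return name
    return None


def demo():
    """Client advertises the magic name; server detects it and still picks a real kex."""
    client_payload = build_kexinit({
        "kex_algorithms": ["diffie-hellman-group14-sha1", MAGIC_NAME],
        "server_host_key_algorithms": ["ssh-rsa"],
        "encryption_algorithms_client_to_server": ["aes128-ctr"],
        "encryption_algorithms_server_to_client": ["aes128-ctr"],
        "mac_algorithms_client_to_server": ["hmac-sha1"],
        "mac_algorithms_server_to_client": ["hmac-sha1"],
        "compression_algorithms_client_to_server": ["none"],
        "compression_algorithms_server_to_client": ["none"],
    })
    server_kex = ["diffie-hellman-group14-sha1", MAGIC_NAME]  # server also signals
    parsed = parse_kexinit(client_payload)
    flag = peer_signals(parsed, MAGIC_NAME)
    kex = negotiate(parsed["kex_algorithms"], server_kex)
    return flag, kex, parsed["reserved"]


if __name__ == "__main__":
    print(demo())
```

Note that the signalling name sits last in the client's list, so even a peer that does not strip it before applying the plain RFC rule would only select it when no real kex is shared; negotiate() refuses it outright, which is the safer behaviour.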


