IETF-SSH archive


RE: applying AES-GCM to secure shell: proposed "tweak"



--On Thursday, April 09, 2009 08:36:24 AM -0400 "Igoe, Kevin M." <kmigoe%nsa.gov@localhost> wrote:

Damien Miller writes:

5.1/5.2 - The suggested algorithm names are structurally different to
the other algorithm identifiers used in SSH. In particular, I don't see
any need for the "-ssh" to appear in the algorithm name as the cipher
has not been modified in any substantial way. Why not just "aes128-gcm"
or "aes128-gcm-aead" if you wanted to be particularly verbose?

AEAD has its own convention for naming algorithms.  The names selected
are more in keeping with the AEAD conventions.  I'm not terribly fond of
these names and would be willing to modify them as needed, but I'd like
to keep an "ssh" tag in the name so that when one looks at the namespace
of all AEAD algorithms, it is clear that these algorithms are intended
for use in secsh.

I don't understand. There is nothing "ssh" about the algorithm; it's just AES128 in GCM mode, no? Any "how to use this in SSH bits" are part of the SSH spec but not part of the algorithm. I'm not sure what value there is in a "namespace of all AEAD algorithms"; is there some registry you are concerned about? Why would an ssh encryption algorithm name ever appear in a context other than ssh algorithm negotiation? Why would you expect the names of, say, SSH encryption algorithms, TLS cipher suites, and Kerberos enctypes not to overlap?

In the context of the namespace in which these values are actually defined, which is that of SSH encryption algorithm names, the "-ssh" adds no value.

-- Jeff


