IETF-SSH archive
Re: applying AES-GCM to secure shell: proposed "tweak"
> (There are some details left to specify on exactly how this should
> interact with algorithm selection, since there are additional
> dependencies. You want to be able to ask for (aead, none) with a
> fallback to (3des-cbc, hmac), without risk of ending up with
> (3des-cbc, none).
I believe that's not directly possible at present, given the way
algorithm negotiation works.
However, it is fairly easy to offer enc=aead,3des-cbc mac=hmac, and, if
that negotiation succeeds, immediately re-kex with enc=aead mac=none.
> Maybe it's easier to say that if an AEAD-algorithm is chosen for
> encryption, the lists of mac algorithms (for that direction) are
> ignored).
That would be a rather unpleasant violation of the existing definition.
I'd much rather just re-kex if using a none MAC is that important.
/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!             7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
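The point made above rests on how RFC 4253 section 7.1 name-list negotiation works: the cipher list and the MAC list for a direction are matched independently, so a single key exchange cannot express "none only together with AEAD". The following is an added example, not code from the thread or from any SSH implementation; it models that rule and the "negotiate, then re-kex" workaround from the reply. The cipher name "aead" is a placeholder for an AEAD mode such as AES-GCM, and the server lists are constructed.

```python
from typing import List, Optional, Tuple

# RFC 4253 7.1: the first algorithm on the client's list that the server also
# supports is chosen; each name-list (cipher, MAC) is matched on its own.
def choose(client: List[str], server: List[str]) -> Optional[str]:
    for name in client:
        if name in server:
            return name
    return None  # no common algorithm: negotiation fails

def negotiate(client_enc: List[str], client_mac: List[str],
              server_enc: List[str], server_mac: List[str]
              ) -> Tuple[Optional[str], Optional[str]]:
    # Cipher and MAC are picked separately, so any pairing can result.
    return choose(client_enc, server_enc), choose(client_mac, server_mac)

# Single-KEX attempt: AEAD with MAC 'none', falling back to 3des-cbc + hmac.
# Against a server without AEAD that still allows 'none', the independent
# selection yields (3des-cbc, none): a CBC channel with no integrity check.
def naive(server_enc: List[str], server_mac: List[str]):
    return negotiate(["aead", "3des-cbc"], ["none", "hmac-sha1"],
                     server_enc, server_mac)

# Two-phase strategy from the reply: never offer 'none' in the first KEX.
# Only if the AEAD cipher was selected, re-kex and drop the MAC; if the
# server refuses 'none' at that point, the first KEX's result stays in force.
def two_phase(server_enc: List[str], server_mac: List[str]):
    enc, mac = negotiate(["aead", "3des-cbc"], ["hmac-sha1"],
                         server_enc, server_mac)
    if enc is None or mac is None:
        return None, None  # first negotiation failed outright
    if enc == "aead":
        enc2, mac2 = negotiate(["aead"], ["none"], server_enc, server_mac)
        if enc2 is not None and mac2 is not None:
            return enc2, mac2  # AEAD carries integrity, so 'none' is safe here
    return enc, mac  # 3des-cbc, or AEAD with the server's MAC kept

if __name__ == "__main__":
    # Constructed server: old cipher only, but 'none' MAC permitted.
    legacy_server = (["3des-cbc"], ["none", "hmac-sha1"])
    print("naive    :", naive(*legacy_server))      # ('3des-cbc', 'none')
    print("two-phase:", two_phase(*legacy_server))  # ('3des-cbc', 'hmac-sha1')
```

The second key exchange costs an extra round trip and a second set of keys, which is the price of keeping the existing negotiation semantics unchanged.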