Re: applying AES-GCM to secure shell: proposed "tweak"

To: "denis bider (Bitvise)" <ietf-ssh2%denisbider.com@localhost>, ietf-ssh%NetBSD.org@localhost
Subject: Re: applying AES-GCM to secure shell: proposed "tweak"
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Wed, 15 Apr 2009 16:01:46 -0400

--On Wednesday, April 15, 2009 02:24:21 PM -0400 "denis bider (Bitvise)"<ietf-ssh2%denisbider.com@localhost> wrote:

If ssh starts going down that road, another dozen or so "special cases"
later it'll be a horrible mess of magic interdependencies, with
determining whether negotiation _can_ succeed bordering on NP-hard.


SSH is already down that road. GSSAPI key exchange requires ignoring the
negotiated host key algorithm.

No, it most certainly does not. GSS keyex depends on neither public keysignature nor encryption, and so can be used with host key algorithms whichprovide neither, such as "null". It does not _require_ use of such analgorithm; it works with any host key algorithm and in fact has the sideeffect of authenticating whatever host key is used. It certainly does notrequire ignoring the results of host key algorithm negotiation and usingsome other host key instead.


-- Jeff

References:
- applying AES-GCM to secure shell: proposed "tweak"
  - From: Tim Polk
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Niels Möller
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: der Mouse
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Niels Möller
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: der Mouse
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: denis bider (Bitvise)

Prev by Date: RE: applying AES-GCM to secure shell: proposed "tweak"
Next by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Previous by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Indexes:

Home | Main Index | Thread Index | Old Index