IETF-SSH archive


Re: applying AES-GCM to secure shell: proposed "tweak"



On Wed, Apr 15, 2009 at 03:52:46PM -0400, Jeffrey Hutzelman wrote:
> What I'd suggest instead is defining a unique MAC algorithm for each AEAD 
> encryption algorithm, which has the same effects as null but is usable 
> _only_ when the corresponding encryption algorithm is selected.  This is a 
> simple and straightforward modification to the negotiation rules which 

But not simpler than my proposal:

   IF an AEAD cipher is selected THEN no MAC alg is selected (since the
   cipher provides integrity protection all by its lonesome).

We should pick the simplest solution that does the job.  I don't think
you'll find one simpler than the above.
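
The rule proposed in this message, sketched as an added example (not part of the original message and not taken from any SSH implementation): algorithms are chosen by the RFC 4253 first-match rule, and the MAC name-lists are skipped whenever the chosen cipher is AEAD. The AEAD name set, the function names and the sample name-lists are assumptions made for illustration.

```python
# Added illustration of the proposed negotiation rule; names are assumptions.

# Assumption: the set of cipher names an implementation treats as AEAD.
AEAD_CIPHERS = {"AEAD_AES_128_GCM", "AEAD_AES_256_GCM"}


class NegotiationError(Exception):
    """No common algorithm was found; both sides must disconnect."""


def first_match(client_list, server_list, what):
    """RFC 4253 rule: first name on the client's list that the server also lists."""
    for name in client_list:
        if name in server_list:
            return name
    raise NegotiationError(f"no common {what} algorithm")


def negotiate_direction(client_enc, server_enc, client_mac, server_mac):
    """Return (cipher, mac) for one direction; mac is None for an AEAD cipher."""
    cipher = first_match(client_enc, server_enc, "encryption")
    if cipher in AEAD_CIPHERS:
        # Proposed rule: the cipher provides integrity on its own, so the
        # MAC name-lists are not consulted and cannot cause a failure.
        return cipher, None
    # Non-AEAD cipher: a real MAC must still be agreed, exactly as before.
    return cipher, first_match(client_mac, server_mac, "MAC")


if __name__ == "__main__":
    # Constructed name-lists. The MAC lists share no entry, which only
    # matters when the negotiated cipher is not AEAD.
    client_enc = ["AEAD_AES_128_GCM", "aes128-ctr"]
    server_enc = ["aes128-ctr", "AEAD_AES_128_GCM"]
    print(negotiate_direction(client_enc, server_enc, ["hmac-sha1"], ["hmac-md5"]))
    try:
        negotiate_direction(["aes128-ctr"], server_enc, ["hmac-sha1"], ["hmac-md5"])
    except NegotiationError as err:
        print("disconnect:", err)
```

Because the MAC step is skipped rather than satisfied by a null entry, neither peer has to list a no-integrity MAC that could then be paired with a non-AEAD cipher.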


