IETF-SSH archive


Re: applying AES-GCM to secure shell: proposed "tweak"



On Thu, 16 Apr 2009, Timo J. Rinne wrote:

> Niels Möller wrote:
> > > b) Allow a MAC algorithm to depend on encryption algorithm properties,
> > >   in the way that keyex algorithms depend on properties of host key
> > >   algorithms.  This means that such an algorithm can be considered
> > >   only if the selected encryption algorithm has whatever property it
> > >   depends on.  Then specify a single do-nothing MAC algorithm which
> > >   depends on AEAD encryption algorithm.
> > 
> > This makes sense to me. I'd prefer this option, then. The name could
> > be "none-if-aead".
> 
> I must say I really hate this one. Instead of one simply defined
> "magic" cipher algorithm name that would have, if selected, a side
> effect of abolishing MAC, we would have a "magic" MAC name with much
> more complicated interdependency to cipher list.

Yes, I don't think this one either. It seems like more extensive
special-casing or more complex (read: brittle) selection rules would be
required to make this work reliably.

-d
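
Added example, not part of the original message or of any SSH implementation: a sketch of how option (b) would change RFC 4253-style negotiation, to make the interdependency discussed above concrete. The cipher name "example-aead-gcm" is a constructed placeholder, the function names are hypothetical, and a single direction is negotiated for brevity.

```python
# Option (b): a MAC name that is only eligible when the already-selected
# cipher is AEAD. "none-if-aead" is the name suggested in the thread;
# "example-aead-gcm" is a constructed placeholder cipher name.
AEAD_CIPHERS = {"example-aead-gcm"}
CONDITIONAL_MACS = {"none-if-aead": lambda cipher: cipher in AEAD_CIPHERS}


def first_match(client, server, usable=lambda name: True):
    """RFC 4253 rule: first name on the client list that the server also
    lists, extended with a per-name eligibility predicate."""
    for name in client:
        if name in server and usable(name):
            return name
    return None


def negotiate(client, server):
    """Return (cipher, mac); raise ValueError when no agreement exists."""
    cipher = first_match(client["enc"], server["enc"])
    if cipher is None:
        raise ValueError("no common cipher")

    def mac_usable(mac):
        # Unconditional MACs are always eligible; conditional ones must
        # be checked against the cipher chosen a moment ago.
        check = CONDITIONAL_MACS.get(mac)
        return True if check is None else check(cipher)

    mac = first_match(client["mac"], server["mac"], mac_usable)
    if mac is None:
        raise ValueError("no usable MAC for cipher " + cipher)
    return cipher, mac


def try_negotiate(client, server):
    """Like negotiate(), but report failure as a string for comparison."""
    try:
        return negotiate(client, server)
    except ValueError as exc:
        return "FAIL: " + str(exc)


# Constructed peer configurations.
BOTH = {"enc": ["example-aead-gcm", "aes128-ctr"],
        "mac": ["none-if-aead", "hmac-sha1"]}
LEGACY = {"enc": ["aes128-ctr"], "mac": ["none-if-aead", "hmac-sha1"]}
AEAD_ONLY_MAC = {"enc": ["example-aead-gcm", "aes128-ctr"],
                 "mac": ["none-if-aead"]}
MAC_FIRST = {"enc": ["example-aead-gcm"], "mac": ["hmac-sha1", "none-if-aead"]}
```

The last two configurations show where the rule becomes order-sensitive: a peer that offers only "none-if-aead" fails outright when the cipher falls back to a non-AEAD one, and a peer that lists "hmac-sha1" first ends up with a conventional MAC layered on an AEAD cipher.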


