Re: applying AES-GCM to secure shell: proposed "tweak"

To: Nicolas Williams <Nicolas.Williams%sun.com@localhost>, Niels Möller <nisse%lysator.liu.se@localhost>
Subject: Re: applying AES-GCM to secure shell: proposed "tweak"
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Thu, 16 Apr 2009 10:20:46 -0400

--On Thursday, April 16, 2009 09:04:35 AM -0500 Nicolas Williams<Nicolas.Williams%sun.com@localhost> wrote:

This is a separate issue.  Remove AEAD and you don't interop.  Add AEAD
with my rule and you still don't interop.  To improve the situation we
need to twist the KEXINIT abstraction a bit more (no objections from
me): IF a non-AEAD cipher is chosen AND there was no common MAC AND
there was a common AEAD cipher THEN re-compute the cipher selection
ignoring all non-AEAD ciphers.


Ugh.  This is starting to get complicated.

Follow-Ups:
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: der Mouse
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Nicolas Williams

References:
- applying AES-GCM to secure shell: proposed "tweak"
  - From: Tim Polk
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Niels Möller
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: der Mouse
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Niels Möller
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Jeffrey Hutzelman
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Nicolas Williams
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Niels Möller
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Nicolas Williams

Prev by Date: Re: applying AES-GCM to secure shell: proposed "tweak" (fwd)
Next by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Previous by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Indexes:

Home | Main Index | Thread Index | Old Index