IETF-SSH archive
Re: KEX_OPTION (Re: applying AES-GCM to secure shell: proposed "tweak")
On Thu, Apr 16, 2009 at 02:13:42PM -0400, der Mouse wrote:
> >>>> IF a non-AEAD cipher is chosen AND there was no common MAC AND
> >>>> there was a common AEAD cipher THEN re-compute the cipher
> >>>> selection ignoring all non-AEAD ciphers.
> >> This rule interacts very badly with the implementation of any other
> >> encryption algorithm that similarly wants to ignore MACs, especially
> >> if it defines an analogous rule.
> > Surely such an encryption algorithm would be an AEAD algorithm,
> > therefore there is no such interaction (since the rule still
> > applies).
>
> You truly believe that, for the entire lifetime of SSHv2, nobody will
> ever come up with another way to roll tamper-evident-ness in with
> encryption (or at least won't want to use such a thing with SSHv2)?
>
> I find that...dubious, at best.
No, I'm saying that from where we stand such an algorithm would look
like any other AEAD algorithm.
> > Of course, Jeff's KEX_OPTION packet type needs negotiation too!
>
> I don't see why. Send it and let it get handled or rejected.
Hmmm, I have to re-read the spec.
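The selection rule quoted at the top of this thread, worked through as an added Python example (it is not code from the thread or from any SSH implementation). It assumes RFC 4253's base rule of taking the first algorithm in the client's list that the server also offers; the algorithm name lists in the test cases are constructed for illustration.

```python
# Added example: SSH cipher/MAC negotiation with the proposed AEAD fallback
# "tweak". Base rule assumed from RFC 4253: first client-preferred algorithm
# that the server also offers. AEAD names below follow RFC 5647.
AEAD_CIPHERS = {"AEAD_AES_128_GCM", "AEAD_AES_256_GCM"}


def first_common(client, server):
    """First algorithm in the client's preference list that the server supports."""
    for alg in client:
        if alg in server:
            return alg
    return None


def negotiate(client_ciphers, server_ciphers, client_macs, server_macs,
              apply_tweak=True):
    """Return (cipher, mac) on success, or None if negotiation fails.

    mac is None when the chosen cipher is AEAD, since integrity is then
    provided by the cipher itself and the MAC list is irrelevant.
    """
    cipher = first_common(client_ciphers, server_ciphers)
    if cipher is None:
        return None  # no common cipher at all: hard failure
    if cipher in AEAD_CIPHERS:
        return cipher, None  # AEAD chosen outright; MAC mismatch does not matter

    mac = first_common(client_macs, server_macs)
    if mac is not None:
        return cipher, mac  # ordinary non-AEAD outcome

    # The quoted tweak: a non-AEAD cipher was selected AND there is no common
    # MAC AND a common AEAD cipher exists -> redo the cipher selection over
    # AEAD ciphers only, so the session is not needlessly rejected.
    if apply_tweak:
        aead_only = [c for c in client_ciphers if c in AEAD_CIPHERS]
        aead_cipher = first_common(aead_only, server_ciphers)
        if aead_cipher is not None:
            return aead_cipher, None
    return None  # without the tweak (or without a common AEAD cipher): failure
```

The constructed case where the peers share a cipher and an AEAD algorithm but disagree on every MAC is the one the tweak exists for; with `apply_tweak=False` it fails, with the tweak it settles on the AEAD cipher.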