IETF-SSH archive


Re: applying AES-GCM to secure shell: proposed "tweak"



> A different, more general, way to state the same selection rules
> would be as follows: [...]

> [I]t would be nice to hear from someone who has actually implemented
> the above logic if it works well in practice.  (My implementation
> uses only signature algorithms and only dh keyexchange, so it's not
> an issue, so up to now, I haven't cared much about it).

Well, I too have not implemented algorithms that let me test it fully
(only signature-needing kex and signature-providing hostkey), but I
think I've implemented kex/hk selection in full generality, and found
it not _that_ big a deal.  (See recv_kexinit in transport.c in the
moussh source if you're curious.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


