RE: New version of rsa-sha2-256 draft: Back to PKCS#1 v1.5

To: denis bider <ietf-ssh3%denisbider.com@localhost>, "ietf-ssh%netbsd.org@localhost" <ietf-ssh%netbsd.org@localhost>
Subject: RE: New version of rsa-sha2-256 draft: Back to PKCS#1 v1.5
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Thu, 12 Nov 2015 15:51:15 +0000

denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>I have posted a new version of the draft, which switches back to PKCS#1 v1.5:

Phew, thanks, that makes things much easier to deal with.

>I have also updated the experimental server so it implements the latest draft
>version (with PKCS#1 v1.5):
>
>experiment.bitvise.com:10712
>
>To test host authentication, set the list of host key algorithms in your
>KEXINIT to "rsa-sha2-256" or "rsa-sha2-512". You will need at least one of
>these for successful key exchange - the server doesn't offer anything else.

It also only provides CTR modes, but none of the modes listed in RFC 4253:

  Attempt to activate SSH client session failed with error code -20, line 1129.
  Error message =
  'No algorithm compatible with the remote system's selection was found: 
   'aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr''.

I do the REQUIRED and RECOMMENDED's from the original SSHv2 spec, RFC 4253,
but not the 4344 ones yet.

(Yeah, I know, I should probably add them, but given that CTR mode makes it
possible for an attacker to trivially set the plaintext to any value they
want, I've never really been convinced that the cure isn't worse than the
problem).

Peter.

References:
- New version of rsa-sha2-256 draft: Back to PKCS#1 v1.5
  - From: denis bider

Prev by Date: Re: Curve25519/448 key agreement for SSH
Next by Date: Re: New version of rsa-sha2-256 draft: Back to PKCS#1 v1.5
Previous by Thread: New version of rsa-sha2-256 draft: Back to PKCS#1 v1.5
Next by Thread: Re: New version of rsa-sha2-256 draft: Back to PKCS#1 v1.5
Indexes:

Home | Main Index | Thread Index | Old Index