Re: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)

To: Simon Tatham <anakin%pobox.com@localhost>
Subject: Re: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
From: Damien Miller <djm%mindrot.org@localhost>
Date: Sun, 29 Nov 2015 22:48:48 +1100 (AEDT)

While we're dropping wishlist items for SSH v.3, here's one of mine:

Key exchange negotiates an AEAD rather than a cipher and a MAC
separately, and does so from a greatly trimmed set of options. E.g.
AES-GCM, chacha20+poly1305 and an AES-CTR+HMAC mode.

IMO the AEAD primitive is the right metaphor for the security properties
of the SSH transport protocol. Removing the large cartesian product of
ciphers x MACs will make testing faster and binaries smaller too.

-d

Follow-Ups:
- Re: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
  - From: Simon Josefsson
- Re: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
  - From: Mark D. Baushke

References:
- ChaCha20-Poly1305 for SSH
  - From: Simon Josefsson
- Re: ChaCha20-Poly1305 for SSH
  - From: Niels Möller
- Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
  - From: Simon Tatham

Prev by Date: Re: ChaCha20-Poly1305 for SSH
Next by Date: Re: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
Previous by Thread: RE: Binary packet protocol rethink
Next by Thread: Re: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
Indexes:

Home | Main Index | Thread Index | Old Index