RE: AEAD in ssh

To: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: RE: AEAD in ssh
From: Damien Miller <djm%mindrot.org@localhost>
Date: Thu, 25 Feb 2016 11:16:11 +1100 (AEDT)

On Wed, 24 Feb 2016, Peter Gutmann wrote:

> They actually leak nothing, in that encrypting the length provides no
> security benefit at all. See for example "Peek-a-Book, I Still See
> You: Why Efficient Traffic Analysis Countermeasures Fail" by Dyer,
> Coult, Ristenpart and Shrimpton. Their analysis, of TLS traffic with
> unencrypted lengths, completely ignores TLS' plaintext length fields
> because they're irrelevant.

Peek-a-Boo makes clear that encrypted lengths aren't *sufficient*, but
I don't think it's so clear that they aren't necessary or useful.

-d

Follow-Ups:
- RE: AEAD in ssh
  - From: Peter Gutmann

References:
- Re: suggestion for new ssh maintenance wg
  - From: denis bider
- AEAD in ssh
  - From: Niels Möller
- Re: AEAD in ssh
  - From: Mark D. Baushke
- Re: AEAD in ssh
  - From: Niels Möller
- Re: AEAD in ssh
  - From: Niels Möller
- Re: AEAD in ssh
  - From: Bryan Ford
- Re: AEAD in ssh
  - From: Niels Möller
- Re: AEAD in ssh
  - From: Bryan Ford
- Re: AEAD in ssh
  - From: Niels Möller
- RE: AEAD in ssh
  - From: Peter Gutmann

Prev by Date: Re: AEAD in ssh
Next by Date: RE: AEAD in ssh
Previous by Thread: RE: AEAD in ssh
Next by Thread: RE: AEAD in ssh
Indexes:

Home | Main Index | Thread Index | Old Index