The Secure Shell (SSH) Transport Layer Encryption Modes
RFC 4344

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    secsh mailing list <ietf-ssh@netbsd.org>, 
    secsh chair <secsh-chairs@tools.ietf.org>
Subject: Protocol Action: 'SSH Transport Layer Encryption Modes' 
         to Proposed Standard 

The IESG has approved the following document:

- 'SSH Transport Layer Encryption Modes '
   <draft-ietf-secsh-newmodes-06.txt> as a Proposed Standard

This document is the product of the Secure Shell Working Group. 

The IESG contact persons are Sam Hartman and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-06.txt

Technical Summary
 
 Researchers have discovered that the authenticated encryption portion of
 the current SSH Transport Protocol is vulnerable to several attacks.

 This document describes new counter-mode based symmetric encryption
 methods for the SSH Transport Protocol and gives specific
 recommendations on how frequently SSH implementations should rekey.

 
Working Group Summary
 
 This document was non-controversial and well-received by the WG.

 
Protocol Quality
 
 The spec is relatively simple, and the working group is aware of
 multiple implementations, has received informal reports of successful
 interoperability, and has not received reports of any implementation
 difficulties.

 Sam hartman reviewed the specification for the IESG.

Note to RFC Editor
 
Section 4: Add note about future directions
old:    The "aes128-ctr" method uses AES (the Advanced Encryption Standard,
   formerly Rijndael) with 128-bit keys [AES].  The block size is 16
   bytes.
new:
   The "aes128-ctr" method uses AES (the Advanced Encryption Standard,
   formerly Rijndael) with 128-bit keys [AES].  The block size is 16
   bytes.
       At this time it appears likely that a future
       specification will promote aes128-ctr to be REQUIRED;
       implementation of this algorithm is very strongly encouraged.