mode 6 crypto revision

Hal Murray hmurray at
Sat Jan 11 09:02:49 UTC 2020

> The current symmetric auth scheme requires a not-an-extension which is
> (formerly 10) 20 or 24 bytes of an essentially unidentifiable binary blob. To
> check for it, you either need a length for the authenticated stream or walk
> backward in the packet to see if the text matches a symmetric authenticator.

That's not quite the right description.  You don't walk backwards.  You go 
forwards until you get to a reasonable stopping place, then check the length 
of what is left.  20 or 24 bytes are grandfathered (ugly hack) as 
non-extension authentication.

> My former proposed scheme requires something which is not-properly-an-extension.
> It has a six-byte header which should be regex searchable in mode 6 and
> unlikely to occur (no number though) in a regular text stream.

"regex searchable" doesn't sound like the right approach.

Is Eric's mode 6 writeup accurate?  docs/mode6.adoc
(I haven't checked the code, but it looks good.)

Assuming yes, then the current hack authentication will work and we can switch 
to using real extensions at any time.


My previous comments about using NTS were bogus.  That lets the client know 
the response came from the correct server (or at least one with the correct 
certificate).  We need the other direction: the server needs to know the 
client is authorized to do restricted operations.  NTS doesn't support that.

These are my opinions.  I hate spam.
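The forward walk Hal describes (parse extension fields until a reasonable stopping place, then classify what is left by length) is easy to get wrong, so here is an added example of it in Python. This is not code from the message or from NTPsec; it assumes the classic NTP layout (48-byte header, 4-byte type/length extension headers, and a grandfathered MAC of 4-byte key id plus MD5 or SHA-1 digest of key || packet), and the key, key id and extension field type it uses are constructed placeholders.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48  # fixed NTPv4 header

# Grandfathered MAC = 4-byte key id + digest: 20 bytes for MD5, 24 for SHA-1.
LEGACY_MAC_DIGESTS = {20: "md5", 24: "sha1"}


def split_ntp_packet(pkt: bytes):
    """Walk forward over extension fields, then classify the remainder.

    Returns (extensions, mac): extensions is a list of (type, body) tuples,
    mac is None or the trailing 20/24-byte blob. Raises ValueError when the
    tail is neither a well-formed extension nor a MAC-sized run.
    """
    if len(pkt) < NTP_HEADER_LEN:
        raise ValueError("short NTP header")
    pos = NTP_HEADER_LEN
    extensions = []
    # Keep parsing while more than a MAC's worth of bytes remains. A trailing
    # 20- or 24-byte run is taken as the legacy MAC, which is why a last
    # extension field that small would be ambiguous (RFC 7822 asks for >= 28).
    while len(pkt) - pos > 24:
        ftype, flen = struct.unpack_from("!HH", pkt, pos)
        # Length covers the 4-byte field header and must be a multiple of 4.
        if flen < 4 or flen % 4 != 0 or pos + flen > len(pkt):
            raise ValueError(f"bad extension field length {flen} at offset {pos}")
        extensions.append((ftype, pkt[pos + 4:pos + flen]))
        pos += flen
    rest = len(pkt) - pos
    if rest == 0:
        return extensions, None
    if rest in LEGACY_MAC_DIGESTS:
        return extensions, pkt[pos:]
    raise ValueError(f"trailing {rest} bytes are neither an extension nor a MAC")


def verify_legacy_mac(pkt: bytes, keys: dict) -> bool:
    """Check the grandfathered MAC: keyid || digest(key || packet-before-MAC)."""
    _, mac = split_ntp_packet(pkt)
    if mac is None:
        return False
    keyid = struct.unpack("!I", mac[:4])[0]
    key = keys.get(keyid)
    if key is None:
        return False
    algo = LEGACY_MAC_DIGESTS[len(mac)]
    expected = hashlib.new(algo, key + pkt[:-len(mac)]).digest()
    # Constant-time compare so a wrong digest does not leak by timing.
    return hmac.compare_digest(expected, mac[4:])


def build_sample_packet(keyid: int, key: bytes, algo: str = "md5") -> bytes:
    """Constructed sample packet: header + one extension field + legacy MAC."""
    header = bytes([0x23]) + bytes(47)  # LI=0, VN=4, mode=3 (client), rest zero
    body = b"constructed-extension-body!!"  # 28 bytes, keeps the field >= 28
    ext = struct.pack("!HH", 0x7F00, 4 + len(body)) + body  # 0x7F00: placeholder type
    unauth = header + ext
    digest = hashlib.new(algo, key + unauth).digest()
    return unauth + struct.pack("!I", keyid) + digest


if __name__ == "__main__":
    keys = {42: b"constructed-shared-secret"}  # constructed key id and secret
    sample = build_sample_packet(42, keys[42])
    exts, mac = split_ntp_packet(sample)
    print("extensions:", [(hex(t), len(b)) for t, b in exts], "mac bytes:", len(mac))
    print("mac verifies:", verify_legacy_mac(sample, keys))
```

The parser never looks backwards and never pattern-matches the MAC: once the extension fields are exhausted, only the remaining length decides whether the tail is a MAC, nothing, or malformed, which is exactly the grandfathering the message describes.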
