Re: des-cbc cipher

To: ietf-ssh%netbsd.org@localhost
Subject: Re: des-cbc cipher
From: sjl%ssh.com@localhost (Sami J. Lehtinen)
Date: 22 Nov 2001 01:16:43 +0200

anakin%pobox.com@localhost (Simon Tatham) writes:

> Looking at ssh.com's SSH-3.0.1, it appears that it supports
> single-DES encryption under the identifier "des-cbc".
> 
> I don't see this listed as an approved name in the latest transport
> draft. Is it an approved name, or has ssh.com unilaterally added it
> and failed to put a domain on the end?

Shall we say, a misfeature. It is not in the transport draft (nor
should it).

DES is supported for marketroid reasons (some people actually really
want to use it, even with advice for the contrary), and it not having a
"@ssh.com" ending is a bug. Which will also be present in 3.1.0,
unfortunately.

This shouldn't have any adverse affect on interoperability, as other
implementations will just ignore it as not supported (or do you
specifically look for algorithms that are not in the spec, and
disconnect in disgust?).

-- 
[sjl%ssh.com@localhost          --  Sami J. Lehtinen  --           sjl%iki.fi@localhost]
[work:+358 20 5007425][gsm:+358 40 864 3001][http://www.iki.fi/~sjl]
[SSH Communications Security Corp               http://www.ssh.com/]

Follow-Ups:
- Re: des-cbc cipher
  - From: Simon Tatham
- Re: des-cbc cipher
  - From: Niels Möller

References:
- des-cbc cipher
  - From: Simon Tatham

Prev by Date: des-cbc cipher
Next by Date: Re: des-cbc cipher
Previous by Thread: des-cbc cipher
Next by Thread: Re: des-cbc cipher
Indexes:

Home | Main Index | Thread Index | Old Index