Re: des-cbc cipher

To: sommerfeld%east.sun.com@localhost, rja%inet.org@localhost
Subject: Re: des-cbc cipher
From: Darren Moffat <Darren.Moffat%eng.sun.com@localhost>
Date: Wed, 28 Nov 2001 17:08:54 -0800 (PST)

>At 17:50 28/11/01, Bill Sommerfeld wrote:
>>On this issue, it looks like we have consensus that:
>>
>>  - there should be no mention of a des-cbc algorithm in the spec.
>>
>>  - implementations should treat algorithms they don't know about the
>>same as they treat algorithms they've been told not to use.
>
>Pardon ?
>
>I haven't seen this thread in some while.  I really disagree with the
>first conclusion.  DES-CBC is widely deployed with SSHv2 right now,
>so it ought to be mentioned.  That way a new implementer has a good 

Only the SSHv2 client and server software from SSH Inc supports DES-CBC
all other support the mandatory 3DES-CBC algorithm.  3DES != DES.

>chance of interoperating with the installed base.  Paranoid folks should 
>kindly note well that I'm not saying ANYTHING about what should be the 
>recommended or default algorithm used with SSHv2.

Since any compliant implementation MUST have 3DES-CBC they will always
interoperate providing the admin doesn't turn off 3DES.

I agree with the original statment there should be no mention of des-cbc
in the spec and implementions that don't support will correctly ignore it
if they are correctly implementing the spec.

--
Darren J Moffat

Follow-Ups:
- Re: des-cbc cipher
  - From: RJ Atkinson

Prev by Date: Re: des-cbc cipher
Next by Date: Re: des-cbc cipher
Previous by Thread: Re: des-cbc cipher
Next by Thread: Re: des-cbc cipher
Indexes:

Home | Main Index | Thread Index | Old Index