IETF-SSH archive


Re: des-cbc cipher



>At 20:07 28/11/01, Damien Miller wrote:
>>They will interop just fine if they follow Bill's second point and 
>>ignore des-cbc.
>
>Not accurate.  They won't be able to talk with remote end systems that
>want to talk des-cbc, which is the definition of interoperability that
>matters here.

Since 3DES-CBC is the MANDATORY algorithm, all implementations that
comply with the spec will have it. Therefore it is an admin choice to
disable 3DES-CBC in favour of DES-CBC, and thus the admin should only do
this if they know that all connecting clients will provide the weak
DES-CBC method.

To my knowledge only SSH Inc code supplies DES-CBC, and I don't believe
all of their engineers agree with doing so.

Why is DES-CBC so important to you?

--
Darren J Moffat



