At 03:43 29/11/01, Markus Friedl wrote:
However, if you need to have DES-CBC, write a document,
use "des-cbc%inet.org@localhost" and everything will be fine.
Regrettably, that doesn't help at all -- because it doesn't document
how to implement such that one can interoperate with the installed base
of DES-CBC implementations of SSHv2. There are multiple such
implementations and an installed base of users.
I'd REALLY prefer to resolve this in the WG. I've tried to
propose several forms of packaging that would both let the technical
detail get documented and also let folks who have passion against
DES-CBC document their issues/concerns/recommendations and also make
it crystal clear that DES-CBC isn't something an implementation is
expected to support. If we can't resolve this issue here, then an appeal
is likely -- which will necessarily delay the documents substantially
(delay being explicitly NOT my objective). Sigh.
Yours,
Ran
rja%inet.org@localhost