IETF-SSH archive


Re: des-cbc cipher



On Thu, Nov 29, 2001 at 10:41:59AM -0500, RJ Atkinson wrote:
> At 10:29 29/11/01, Markus Friedl wrote:
> >but these implementations violate the drafts if they
> >use "des-cbc". they must use "des-cbc@domain".
> 
> The IETF traditionally does not change a spec after it is deployed
> such that existing implementations are gratuitously made non-compliant.
> Am I confused ?  Is this WG trying to make existing deployed SSHv2
> implementations non-compliant with its current drafts ?  

do you have an old WG draft that has specified "des-cbc" before?
i cannot find one in my archives.

so implementations using "des-cbc" -- i only know of ssh.com's software
and their author says it was accidentally assigned the name "des-cbc"
-- will not interoperate, since there was never any specification.

adding "des-cbc" to the spec does not unbreak these implementations,
it does not make them "compliant".

not adding "des-cbc" does not change them to "non-compliant", since
they have not been "compliant" before.  if some old implementations use
"des-cbc", well, good luck, they might interoperate. adding "des-cbc"
will not change their implementation.

i really don't understand what all this is about.  if we modify the
drafts every now and then we will never have a _single_ compliant
implementation since there never will be a SSHv2 standard.

thanks.


