IETF-SSH archive


Re: des-cbc cipher



RJ Atkinson <rja%inet.org@localhost> writes:

> At 17:50 28/11/01, Bill Sommerfeld wrote:
> >  - there should be no mention of a des-cbc algorithm in the spec.
>
> I haven't seen this thread in some while.  I really disagree with the
> first conclusion.  DES-CBC is widely deployed with SSHv2 right now,
> so it ought to be mentioned.

As far as I understand, the fact that SSH Inc's implementation uses the
name "des-cbc", rather than "des-cbc@ssh.com", is an accidental bug
that'll be fixed in their next release.

Even if I don't think it's totally outrageous to document "des-cbc" in
the spec, as long as its use is discouraged, there are a lot of other
bugs in various versions of ssh implementations, including SSH Inc's,
that do a lot more damage to interoperation than this one. I don't
see why it is necessary or desirable to change the spec to match this
particular bug.

If you (or anybody else) really need des-cbc, write up a document
that defines "des-cbc@ssh.com" or "des-cbc@inet.org", and if you like,
add a paragraph on bug compatibility that mentions that some existing
implementations use the name "des-cbc" for the same thing.

Would that solve the problem? To me, des-cbc seems like a specialized
algorithm, useful only under very specialized circumstances (like if
you're trying to export boxes from certain countries, or have
customers that for some peculiar reason *insist* on using plain des),
and therefore it makes sense to specify it independently from the core
drafts.

[ Furthermore, I'd expect that in any real SSH communication where
  des-cbc is used, at least one of the end-points doesn't support
  3des-cbc, and is thus not complying with the spec. That makes the
  issue look even more like a question of bug-compatibility. ]

/Niels


