IETF-SSH archive
Re: des-cbc cipher
At 12:00 29/11/01, Niels Möller wrote:

>If you (or anybody else) really needs des-cbc, write up a document
>that defines "des-cbc@ssh.com" or "des-cbc@inet.org", and if you like,
>add a paragraph on bug compatibility that mentions that some existing
>implementations use the name "des-cbc" for the same thing.

What's needed is to document that using "des-cbc" (not "des-cbc@domain")
is permitted, but not required of anyone, and that using that token
(not the "des-cbc@domain" token) for that purpose does not make an
existing implementation non-compliant with the standards.

>[ Furthermore, I'd expect that in any real SSH communication where
> des-cbc is used, at least one of the end-points doesn't support
> 3des-cbc, and is thus not complying with the spec. That makes the
> issue look even more like a question of bug-compatibility. ]

No. One might choose not to use 3DES even if it were available,
for example because the time to break DES-CBC is longer than the
information being protected is valuable (e.g. real-time stock quotes)
or because one's client/server is a tiny device with small CPU
where the computational expense is not justified for the value
of the data being protected.

Ran
rja%inet.org@localhost