IETF-SSH archive


Re: des-cbc cipher



On Thu, Nov 29, 2001 at 02:36:14PM -0500, RJ Atkinson wrote:
> At 11:25 29/11/01, Markus Friedl wrote:
> >so implementations using "des-cbc" -- i only know of ssh.com's software
> >and their author says it was accidentally assigned the name "des-cbc"
> >-- will not interoperate, since there was never any specification.
> 
> There are several actually.  They interoperate using the token "des-cbc"
> just fine today.

what implementations?

> >not adding "des-cbc" does not change them to "non-compliant", since
> >they have not been "compliant" before.  
> 
> Not so.  The spec didn't strictly prohibit the use of "des-cbc" 
> (as different from "des-cbc@domain") all along.  That's the part 
> that makes the deployed implementations non-compliant.

it's obvious from draft-ietf-secsh-transport-00.txt that the
"alg@domain" notation must be used for "additional algorithms" that are
not "defined in the base protocol":
  
  [...] There are two formats for algorithm
  identifiers:
  
  o  Algorithms defined in the base protocol are simple strings, such as
     "3des-cbc", "sha-1", "hmac-sha", or "zip" (the quotes are not part of
     the name).  Defined algorithms may be mandatory or optional.  All
     interoperable implementations should implement mandatory algorithms
     and offer them as a possibility in key exchanges.  Optional
     algorithms are not crucial for interoperability, but may provide
     better performance or other advantages.  It is up to an
     implementation to decide which of these are supported and which are
     offered in key exchanges by default.
  
  o  Anyone can define additional algorithms by using names in the format
     name@domainname, e.g. "ourcipher-cbc@ssh.fi".  The format of the part
     preceding the at sign is not specified; it may contain any non-
     control characters except at signs and commas.  The part following
     the at sign should be a valid internet domain name for the
     organization defining the name.  It is up to the each organization
     how they manage its locally defined names.
  
  [...]
  
  The following ciphers are currently defined:
  
            none             optional          no encryption
            3des-cbc         mandatory         three-key 3DES in CBC mode
            idea-cbc         optional          IDEA in CBC mode
            arcfour          optional          ARCFOUR stream cipher
            blowfish-cbc     optional          Blowfish in CBC mode
  
  [...]
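
The naming rule in the draft text quoted above, as an added example that is not part of the original message or of any SSH implementation: a Python check that sorts the cipher names in a comma-separated offer into base-protocol names, name@domainname extensions, and bare names the draft does not define (the case "des-cbc" falls into). The function names, verdict labels, domain-name pattern and sample offer are assumptions made for illustration.

```python
import re

# Ciphers the quoted draft lists as "currently defined" in the base protocol.
BASE_CIPHERS = {
    "none": "optional",
    "3des-cbc": "mandatory",
    "idea-cbc": "optional",
    "arcfour": "optional",
    "blowfish-cbc": "optional",
}

# Assumption: "valid internet domain name" is approximated as two or more
# dot-separated letter/digit/hyphen labels; the draft gives no grammar.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


def classify_cipher(name: str) -> str:
    """Classify one cipher name against the two formats in the draft."""
    # Names may not be empty or contain control characters.
    if not name or any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        return "invalid"
    if "@" not in name:
        # Simple strings are reserved for algorithms the base protocol defines.
        status = BASE_CIPHERS.get(name)
        return f"base/{status}" if status else "undefined-bare-name"
    local, _, domain = name.partition("@")
    # Exactly one at sign, a non-empty local part, and a plausible domain.
    if not local or not _DOMAIN.fullmatch(domain):
        return "invalid"
    return "private-extension"


def audit_name_list(name_list: str) -> list[tuple[str, str]]:
    """Split a comma-separated name-list and classify each entry in order."""
    return [(n, classify_cipher(n)) for n in name_list.split(",")]


# Constructed sample offer, not captured from any real implementation.
SAMPLE = "3des-cbc,blowfish-cbc,des-cbc,des-cbc@example.com,x@@example.com"

if __name__ == "__main__":
    for name, verdict in audit_name_list(SAMPLE):
        print(f"{name:24} {verdict}")
```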


