IETF-SSH archive


Re: des-cbc cipher



> As has been repeatedly pointed out, the implementations that existed
> when the draft first appeared (and did *not* include the des-cbc cipher)
> were of a different, if ancestral protocol...

So, this being "ancestral", seems like it would be appropriate to list
them (in the IANA registry once it exists) as Historic.

Ran pointed out to me that a strict reading of the spec as it stands
now would be that interoperable implementations otherwise compliant to
the spec become non-compliant simply because they offer to use
"des-cbc" as a crypto algorithm in addition to (for example) 3des.

This strikes me as unnecessarily harsh, in particular because the
language in the architecture draft stating that non-@-qualified SSH
protocol names are assigned solely by IETF consensus is significantly
more recent than the current generation of the protocol (to my
knowledge, it was first discussed in detail around the time of the San
Diego IETF about a year ago).

Before that text was added to the draft, the use of non-@-qualified
names was designated as "assigned by IANA"; this turns out to have
very little meaning -- as IANA requires guidance from the IETF on how
to do these assignments, and no such registry exists (and it won't
exist until our documents get to the IESG).  So it strikes me as
unnecessarily restrictive to attempt to exert retroactive control
here.

Anyhow, RFC2026 says about the "historic" designation:

   A specification that has been superseded by a more recent
   specification or is for any other reason considered to be obsolete
   is assigned to the "Historic" level.

This seems to fit the situation closely; also, according to Jeff
Schiller, it is possible for RFCs to be "born historic".

What does this mean for the specs:

 - No change is necessary to the core protocol drafts.

 - The working group needs to allocate "des-cbc" as historic
   (deprecated) and/or Not Recommended.

 - An additional working group document (which I believe Ran has
   volunteered to write) would designate des-cbc as historic and
   deprecated, and would be intended for publication as a Historic RFC.

					- Bill
