IETF-SSH archive
proposal: adding des-cbc to secsh-assignednumbers as HISTORIC
Since it was published, I've received one private comment.
repeat here.
As has been discussed in the past, it was suggested that the historic
use of des-cbc by some implementations of the sshv2 protocol should be
documented.
Based on this comment and some other previous discussion, I'm going to
propose that we add:
    des-cbc [FIPS-46-3]. HISTORIC; see also page 4
    of FIPS 46-3
to the encryption algorithms list, and
    [FIPS-46-3] U.S. Dept. of Commerce, "Data Encryption
    Standard (DES)". FIPS PUB 46-3, October 1999
to the references section. (If someone has a better cite, let us know).
---
Note in particular that section 12 on page 4 of 46-3 says:
    With this modification of the FIPS 46-2 standard:
    1. Triple DES (i.e., TDEA), as specified in ANSI X9.52 will be
       recognized as a FIPS approved algorithm.
    2. Triple DES will be the FIPS approved symmetric encryption
       algorithm of choice.
    3. Single DES (i.e., DES) will be permitted for legacy systems
       only. New procurements to support legacy systems should, where
       feasible, use Triple DES products running in the single DES
       configuration.
(As I understand it, FIPS ("Federal Information Processing Standard")
specs have a role in determining what sorts of information processing
systems certain parts of the U.S. federal government may purchase,
hence the reference to "procurements" above).
The official definition of HISTORIC in RFC2026 is:
    4.2.4 Historic
    A specification that has been superseded by a more recent
    specification or is for any other reason considered to be obsolete is
    assigned to the "Historic" level.
- Bill