IETF-SSH archive


Re: IESG feedback on core drafts.



Frank Cusack wrote:
>On Mon, Mar 31, 2003 at 08:08:59AM -0800, Chris Lonvick wrote:
>>    The "none" cipher is provided for debugging and should never be used
>>    except for that purpose.  Its cryptographic properties are
>>    sufficiently described in RFC 2410.
>
>I believe the "none" cipher has legitimate uses besides debugging.  You
>may want the authentication mechanisms provided by SSH, but not the data
>confidentiality.  E.g., you are copying already encrypted data between
>machines that have such low CPU power that encryption is a significant
>overhead.

Do you really think there is any real-world case where this will come up?
Remember, to use SSH you have to be able to do a public-key operation.
I'm hard-pressed to imagine any scenario where the public-key operation
is feasible but there is no symmetric-key encryption that will be.

Allowing people to use the none cipher is asking for trouble.  Many people
expect the (symmetric-key) crypto to be much more expensive than it really
is.  The ``SHOULD NOT use "none" cipher'' language seems reasonable.


