Re: IESG feedback on core drafts.

To: ietf-ssh%netbsd.org@localhost
Subject: Re: IESG feedback on core drafts.
From: daw%mozart.cs.berkeley.edu@localhost (David Wagner)
Date: 3 Apr 2003 09:04:04 GMT

Frank Cusack  wrote:
>On Mon, Mar 31, 2003 at 08:08:59AM -0800, Chris Lonvick wrote:
>>    The "none" cipher is provided for debugging and should never be used
>>    except for that purpose.  It's cryptographic properties are
>>    sufficiently described in RFC 2410.
>
>I believe the "none" cipher has legitimate uses besides debugging.  You
>may want the authentication mechanisms provided by SSH, but not the data
>confidentiality.  EG: you are copying already encrypted data between
>machines that have such low CPU power that encryption is a significant
>overhead.

Do you really think there is any real-world case where this will come up?
Remember, to use SSH you have to be able to do a public-key operation.
I'm hard-pressed to imagine any scenario where the public-key operation
is feasible but there is no symmetric-key encryption that will be.

Allowing people to use the none cipher is asking for trouble.  Many people
expect the (symmetric-key) crypto to be much more expensive than it really
is.  The ``SHOULD NOT use "none" cipher'' language seems reasonable.

Follow-Ups:
- Re: IESG feedback on core drafts.
  - From: Frank Cusack

References:
- Re: IESG feedback on core drafts.
  - From: Eric Rescorla
- Re: IESG feedback on core drafts.
  - From: Chris Lonvick
- Re: IESG feedback on core drafts.
  - From: Frank Cusack

Prev by Date: Re: IESG feedback on core drafts.
Next by Date: Re: IESG feedback on core drafts.
Previous by Thread: Re: IESG feedback on core drafts.
Next by Thread: Re: IESG feedback on core drafts.
Indexes:

Home | Main Index | Thread Index | Old Index