IETF-SSH archive


Re: additional core draft nits in need of WG attention.



Jon Bright <jon%siliconcircus.com@localhost> writes:

>Peter Gutmann didn't mail to say whether his implementation supports AES or
>not (since his policy is to support as little as possible,

Whatever gave you that impression?  I support anything that (a) makes sense
(for example supporting telnet options in a non-interactive, non-telnet app
isn't very useful) and (b) isn't a potential security problem.  In the case of
AES I support it in the client (as a second choice after 3DES), but it's
currently commented out in the server because the client gets to choose the
algorithm, so even if the server advertises AES as its least-preferred choice
the client always latches onto that (by specifying it as its most-preferred
one) and the server has to use AES anyway.  Once it passes the five-year test
(five years from publication/release without serious weaknesses discovered)
I'll uncomment it, and people who always want to use AES can always uncomment
it themselves.  Apart from that I do the stuff I described in an earlier
message: { "whatever the user has enabled" union "3des, blowfish, cast, idea,
rc4" } alongside any custom algorithms the user (meaning the person who built
the code) has added.

Peter.
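
The negotiation behaviour described in the message above, as an added example that is not part of the original post or of the author's implementation. It follows the cipher selection rule of the SSH transport protocol (RFC 4253, section 7.1: the first algorithm on the client's list that the server also lists is chosen); the name-lists are constructed sample values and the function names are hypothetical.

```python
from itertools import permutations

def negotiate(client_prefs, server_prefs):
    """Pick the cipher the way the SSH transport layer does: the first
    entry on the client's list that also appears on the server's list."""
    offered = set(server_prefs)
    for alg in client_prefs:
        if alg in offered:
            return alg
    return None  # no algorithm in common: the connection must be dropped

def outcomes_over_server_orderings(client_prefs, server_prefs):
    """Negotiate against every possible ordering of the server's list and
    collect the distinct results, to show how much server order matters."""
    return {negotiate(client_prefs, list(order))
            for order in permutations(server_prefs)}

# Constructed sample name-lists (standard SSH cipher names).
CLIENT_AES_FIRST = ["aes128-cbc", "3des-cbc"]
CLIENT_3DES_FIRST = ["3des-cbc", "aes128-cbc"]
SERVER_AES_LAST = ["3des-cbc", "blowfish-cbc", "cast128-cbc",
                   "idea-cbc", "arcfour", "aes128-cbc"]
# The only server-side control: leave the algorithm off the list entirely.
SERVER_AES_DISABLED = [a for a in SERVER_AES_LAST if a != "aes128-cbc"]

if __name__ == "__main__":
    # Server lists AES last, client lists it first: AES is still selected.
    print(negotiate(CLIENT_AES_FIRST, SERVER_AES_LAST))
    # No ordering of the server's list changes that result.
    print(outcomes_over_server_orderings(CLIENT_AES_FIRST, SERVER_AES_LAST))
    # With AES not advertised, the same client falls back to 3DES.
    print(negotiate(CLIENT_AES_FIRST, SERVER_AES_DISABLED))
```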


