Re: Proposed Meeting Discussion Items for the Core IDs

[nisse%lysator.liu.se@localhost (Niels Möller)]

Chris Lonvick <clonvick%cisco.com@localhost> writes:

> Hopefully we can close a bunch of these and open
> discussion for the rest.
> 
>   http://www.employees.org/~lonvick/secsh-wg/ietf61/secshwg.pdf

Some of the issues have already been discussed at some length on the
list.

Ticket 454: triple-des have too few key bits. I think we had consensus
to "grandfather" triple-des, however that's going to be expressed in
the spec. I.e. just note that triple-des doesn't quite satisfy the
requirements, and allow this exception for historical reasons and
backwards compatibility. I don't think it's a good idea to lower the
general recommendation on key length from 128 to 96 bits.

Ticket 461: "implicit server authentication". This has been discussed
on the list, we may even have had some proposed text.

Ticket 462: discouraging use of different algorithm for the two
directions. This has been discussed at length, I argued that it should
be allowed and up to local configuration, I don't remember who else
agreed with that.

I won't be at the meeting, but I think these three issues have been
discussed thoroughly enough on the list already, so I hope you can get
something more concrete out of the RL meeting than sending the issues
back to the mailinglist for another round.

Best regards,
/Niels