Re: [Fwd: [Russ Housley] DISCUSS: draft-ietf-secsh-newmodes-05]

To: sommerfeld%sun.com@localhost, ietf-ssh%netbsd.org@localhost
Subject: Re: [Fwd: [Russ Housley] DISCUSS: draft-ietf-secsh-newmodes-05]
From: Ben Harris <bjh21%bjh21.me.uk@localhost>
Date: Mon, 29 Aug 2005 19:07:01 +0100

In article <1125337411.453.8.camel@thunk> you write:
>Some review comments from Russ Housley.
...
>>DISCUSS
>>
>>   All of the encryption modes described in this document are RECOMMENDED
>>   or OPTIONAL.  Why isn't one of them REQUIRED?
...
>As a strawman resolution to the DISCUSS comment, how about making
>aes128-ctr REQUIRED?   (this new requirement has no effect on
>implementations which don't claim to implement newmodes).

I'd prefer to make 3des-ctr the REQUIRED algorithm, since all SSH
implementations are required to have 3DES code around anyway to support
3des-cbc, so anyone implementing newmodes can put in 3des-ctr support
trivially, whereas aes128-ctr might be a lot more effort or even impossible
(imagine a small implementation without room for both 3DES and AES).

This does raise the question of how to arrange a transition to AES (or
whatever) in the longer term, but I don't think it should be done on the
back of newmodes.

-- 
Ben Harris

Follow-Ups:
- Re: [Fwd: [Russ Housley] DISCUSS: draft-ietf-secsh-newmodes-05]
  - From: Jeffrey Hutzelman

References:
- [Fwd: [Russ Housley] DISCUSS: draft-ietf-secsh-newmodes-05]
  - From: Bill Sommerfeld

Prev by Date: Re: New draft possibilities
Next by Date: Re: [Fwd: [Russ Housley] DISCUSS: draft-ietf-secsh-newmodes-05]
Previous by Thread: [Fwd: [Russ Housley] DISCUSS: draft-ietf-secsh-newmodes-05]
Next by Thread: Re: [Fwd: [Russ Housley] DISCUSS: draft-ietf-secsh-newmodes-05]
Indexes:

Home | Main Index | Thread Index | Old Index