Re: [Fwd: [Russ Housley] DISCUSS: draft-ietf-secsh-newmodes-05]

[Jeffrey Hutzelman <jhutz%cmu.edu@localhost>]

On Monday, August 29, 2005 07:07:01 PM +0100 Ben Harris <bjh21%bjh21.me.uk@localhost> 
wrote:

> In article <1125337411.453.8.camel@thunk> you write:
> > Some review comments from Russ Housley.
> ...
> > > DISCUSS
> > >
> > >   All of the encryption modes described in this document are RECOMMENDED
> > >   or OPTIONAL.  Why isn't one of them REQUIRED?
> ...
> > As a strawman resolution to the DISCUSS comment, how about making
> > aes128-ctr REQUIRED?   (this new requirement has no effect on
> > implementations which don't claim to implement newmodes).
>
> I'd prefer to make 3des-ctr the REQUIRED algorithm, since all SSH
> implementations are required to have 3DES code around anyway to support
> 3des-cbc, so anyone implementing newmodes can put in 3des-ctr support
> trivially, whereas aes128-ctr might be a lot more effort or even
> impossible (imagine a small implementation without room for both 3DES and
> AES).
>
> This does raise the question of how to arrange a transition to AES (or
> whatever) in the longer term, but I don't think it should be done on the
> back of newmodes.


Russ's comment notwithstanding, I don't think we actually need any of the 
modes described in newmodes to be REQUIRED.  It's one thing to say "if you 
support ssh then you MUST support 3des-cbc".  It's quite another to say "if 
you support 3des-ctr then you MUST also support aes128-ctr" or vice versa. 
The former insures that ssh implementations will be interoperable; the 
latter does not appear to me to add any value.

-- Jeff