IETF-SSH archive


Re: [Fwd: [Russ Housley] DISCUSS: draft-ietf-secsh-newmodes-05]



> I'd expect that users concerned with this attack will therefore want
> to move to a world where it is possible to disable CBC-mode ciphers.

> I think that, alone, justifies making one or more of the ciphers
> REQUIRED, to avoid a situation where two implementations would be
> required to fall back to 3des-cbc because neither implements the same
> counter-mode cipher.

I don't see this as an issue.  There's always the risk of not agreeing
on a cipher; even if everyone were to pay attention to the REQUIREDs,
admins can still tell implementations to refuse to use them.

Furthermore, "a world where it is possible to disable CBC-mode ciphers"
is what we already have.  Certainly my implementation, and I think
every other implementation I've looked at (all two? of them :), can be
told to refuse to use any desired subset of the ciphers it implements,
regardless of what any spec may name REQUIRED.

Unless you mean "a world where it is practical to disable CBC-mode
ciphers and still expect to interoperate with arm's-length third
parties", in which case naming anything REQUIRED in newmodes won't do
that unless you can also guarantee not only sufficiently universal
implementation of newmodes but paying attention to that REQUIRED.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
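The negotiation behaviour argued about above (a cipher named REQUIRED, admins refusing ciphers anyway, and two peers that each implement a different counter-mode cipher) can be worked through with the algorithm selection rule of RFC 4253 section 7.1. The following is an added example, not code from the original message or from any of the implementations discussed; the preference lists, the refusal lists and the helper names (`negotiate`, `apply_refusals`, `outcome`) are constructed for illustration.

```python
# Added example (not part of the original thread): SSH algorithm negotiation as
# in RFC 4253 section 7.1, plus an admin "refuse these ciphers" policy, to show
# why naming a cipher REQUIRED does not by itself guarantee two peers agree.
# All preference and refusal lists below are constructed.
from typing import Iterable, Optional, Sequence

# Algorithm names as registered for SSH: 3des-cbc / aes128-cbc (RFC 4253),
# aes128-ctr / aes256-ctr (the newmodes work, RFC 4344).
CBC_SUFFIX = "-cbc"


def negotiate(client_prefs: Sequence[str], server_prefs: Sequence[str]) -> Optional[str]:
    """RFC 4253 7.1: the first algorithm in the client's list that the server also lists."""
    server_set = set(server_prefs)
    for name in client_prefs:
        if name in server_set:
            return name
    return None  # no common algorithm: the connection must be disconnected


def apply_refusals(prefs: Sequence[str], refused: Iterable[str]) -> list:
    """Admin policy: drop refused algorithms regardless of what a spec calls REQUIRED."""
    refused_set = set(refused)
    return [n for n in prefs if n not in refused_set]


def cbc_names(prefs: Iterable[str]) -> set:
    """The subset of a name-list that is a CBC-mode cipher."""
    return {n for n in prefs if n.endswith(CBC_SUFFIX)}


def outcome(client_prefs, server_prefs, client_refused=(), server_refused=()):
    """Negotiation result after each side has applied its own refusal list."""
    c = apply_refusals(client_prefs, client_refused)
    s = apply_refusals(server_prefs, server_refused)
    return negotiate(c, s)


# Constructed scenario from the thread: two implementations that support
# different counter-mode ciphers and share only the REQUIRED 3des-cbc.
IMPL_A = ["aes128-ctr", "aes128-cbc", "3des-cbc"]
IMPL_B = ["aes256-ctr", "3des-cbc"]


def with_cbc_allowed() -> Optional[str]:
    # Nothing refused: the peers fall back to the REQUIRED 3des-cbc.
    return outcome(IMPL_A, IMPL_B)


def with_cbc_refused_everywhere() -> Optional[str]:
    # Both admins refuse every CBC cipher: no common cipher remains,
    # even though 3des-cbc is REQUIRED by the spec.
    return outcome(IMPL_A, IMPL_B,
                   client_refused=cbc_names(IMPL_A),
                   server_refused=cbc_names(IMPL_B))


def with_common_ctr() -> Optional[str]:
    # If both sides implement the same counter-mode cipher, refusing CBC
    # still leaves an agreement; client preference order decides which.
    a = IMPL_A + ["aes256-ctr"]
    return outcome(a, IMPL_B, cbc_names(a), cbc_names(IMPL_B))


if __name__ == "__main__":
    print("CBC allowed:           ", with_cbc_allowed())
    print("CBC refused both sides:", with_cbc_refused_everywhere())
    print("common CTR cipher:     ", with_common_ctr())
```

The interesting case is the middle one: a refusal list applied locally overrides anything a specification marks REQUIRED, so interoperability after disabling CBC depends on both peers actually implementing a common non-CBC cipher, which is exactly the point the reply makes.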


