IETF-SSH archive


Re: Your DISCUSS on draft-ietf-secsh-newmodes-05



On Tue, Sep 06, 2005 at 02:37:23PM -0400, Bill Sommerfeld wrote:
> On Tue, 2005-09-06 at 14:00, Russ Housley wrote:
> > We know that the current REQUIRED algorithm is not as robust as we would 
> > like.  It is not so flawed that we need to rush to a new one, but we should 
> > plan an orderly migration.  By making one of these algorithms REQUIRED, we 
> > are telling implementors where we are going.
> > 
> > I would like to see AES128-CTR be REQUIRED.
> 
> <wg chair hat off>
> "me too."  
> <wg chair hat on>
> 
> Anyone with an opinion on this topic who has *not* yet spoken up should
> do so sooner rather than later.  Please keep Russ CC:ed in this
> discussion.

My opinion is that AES-CBC and AES-CTR ought to be REQUIRED.  I think
that the people objecting that it might be too hard to add support for
an additional cipher should be, if they're speaking of their own
implementations, ashamed of themselves -- or if they're speaking of
some hypothetical "other" implementation, brought back in touch with
reality: adding support for another common cipher is just not difficult,
and for those who happen to be on the certifications bandwagon (e.g.
FIPS 140), can be very easily stuffed into the next round of
recertifications, since they're not allowed to make *any* changes to
their product without recertifying in any event.



