IETF-SSH archive


Re: Your DISCUSS on draft-ietf-secsh-newmodes-05



Russ Housley wrote:
> Bill:
>
> I decided not to respond immediately to your note. Instead, I thought about it over the weekend. Here is my argument for selecting at least one of these modes as REQUIRED.
>
> We know that the current REQUIRED algorithm is not as robust as we would like. It is not so flawed that we need to rush to a new one, but we should plan an orderly migration. By making one of these algorithms REQUIRED, we are telling implementors where we are going.
>
> I would like to see AES128-CTR be REQUIRED.

Rather than making newmodes specify a REQUIRED cipher as an
indication of direction, we could indicate it directly using
text of some form:

     It is widely recognized that the 3des-cbc cipher mode that
     is required by [TRANS] is a relatively weak cipher; however,
     other alternatives (such as the aes128-ctr mode described
     in this document) do not yet have the same level of common
     hardware-based support as 3des-cbc or they may be too
     expensive to implement in hardware for some applications.
     As such, no cipher mode described in this document
     is REQUIRED; however, implementations SHOULD support
     at least aes128-ctr.

     At some future point, aes128-ctr may become a required
     cipher.

This would be my preferred solution.

Thanks,

Joseph


