IETF-SSH archive


Re: Your DISCUSS on draft-ietf-secsh-newmodes-05

On Wednesday, September 07, 2005 10:38:32 AM -0600 Joseph Galbraith <galb-list%vandyke.com@localhost> wrote:

Russ Housley wrote:
Bill:

I decided not to respond immediately to your note.  Instead, I thought
about it over the weekend.  Here is my argument for selecting at least
one of these modes as REQUIRED.

We know that the current REQUIRED algorithm is not as robust as we would
like.  It is not so flawed that we need to rush to a new one, but we
should plan an orderly migration.  By making one of these algorithms
REQUIRED, we are telling implementors where we are going.

I would like to see AES128-CTR be REQUIRED.

Rather than making newmodes specify a REQUIRED cipher as an
indication of direction, we could indicate it directly using
text of some form:

      It is widely recognized that the 3des-cbc cipher mode that
      is required by [TRANS] is a relatively weak cipher; however,
      other alternatives (such as the aes128-ctr mode described
      in this document) do not yet have the same level of common
      hardware based support as 3des-cbc or they may be too
      expensive to implement in hardware for some applications.
      As such, no cipher mode described in this document
      is REQUIRED; however, implementations SHOULD support
      at least aes128-ctr.

      At some future point, aes128-ctr may become a required
      cipher.

This would be my preferred solution.

Note that the AES and 3DES modes are already RECOMMENDED, which means the same thing as SHOULD. I agree that if we want to indicate direction, we should do so explicitly with text, rather than implicitly with a requirement.

The other thing I think we could reasonably do is update the RECOMMENDED and REQUIRED algorithms in SSH-TRANS when it advances to draft, including adding a normative reference to newmodes. Of course, this would be possible only if there were interoperable implementations which met the new requirement. And, it doesn't really address Russ's comment today.

-- Jeff
