Jeffrey Hutzelman wrote:
compliant SSH implementation. If/when we want to deprecate *-cbc, we need to update the requirements for implementations of the SSH standard-to-be. This document could do that, but it does not presently claim to do so; it simply defines some additional encryption algorithms.
....
Question back: if we don't set any of these ciphers to REQUIRED, what happens interoperability-wise when CBC gets deprecated?I think I answered that above.
I don't think you did. You basically said "when we deprecate cbc, we require something else". In my view the time between "we require people to implement a counter-mode cipher" and "we deprecate cbc" should be measured in years. Unless I've misunderstood what you're saying, your proposal is to require the new interoperable cipher at the same time as taking the old one away. This doesn't seem like a practical option to me.
-- Jon Bright Silicon Circus Ltd. http://www.siliconcircus.com