IETF-SSH archive


Re: [ssh] Host key sync - "global-requests-ok" extension



denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>I'm sure new implementation would be concerned about connecting to OpenSSH.
>It would be hard to ignore that at least CTR is needed, if not AES-GCM or
>ChaCha.

This is both legacy stuff going back forever (see my post a few days ago about
running into OpenSSH 3.(7?) on a current system), and embedded which never
gets updated.  The universal connector outside of the M2M SCADA
implementations, client-side at least, seems to be PuTTY, which can talk to
anything so a lot of the time the problem isn't noticed (that is, the
acceptance test for whether it's a correctly working SSH implementation is
"can PuTTY connect to it?").

I can see why you'd need to disable CBC, but the problem is really the
security scanners which make a one-size-fits-all assumption.  That's outside
the scope of the WG though...

Peter.


