i recently saw [2] listed as the last cipher in somebody's public key the key didn't specify 3DES neither - that goes against the RFC but how is that possible ?