Re: updated transport & userauth drafts

To: Bill Sommerfeld <sommerfeld%east.sun.com@localhost>
Subject: Re: updated transport & userauth drafts
From: Wei Dai <weidai%eskimo.com@localhost>
Date: Fri, 1 Mar 2002 16:58:51 -0800

On Fri, Mar 01, 2002 at 07:12:43PM -0500, Bill Sommerfeld wrote:
> ssh is (much) more than just the encryption; the encryption part is
> just one detail of the protocol, and it's a modularly replaceable
> part.

I think the encryption is much more than a detail. It's one of the two
most important services that ssh provides (the other one being the
authentication).

Sure ssh also does shells and file transfers and so on, but everyone would
still be using rcp and rsh if it weren't for the encryption and
authentication that ssh provides.

Even if we decide not to put in the proposed fix, we need to at least
mention the attack in the security considerations section. I don't see how
it could be completely ignored.

References:
- Re: updated transport & userauth drafts
  - From: Wei Dai
- Re: updated transport & userauth drafts
  - From: Bill Sommerfeld

Prev by Date: Re: updated transport & userauth drafts
Next by Date: Re: updated transport & userauth drafts
Previous by Thread: Re: updated transport & userauth drafts
Next by Thread: Re: updated transport & userauth drafts
Indexes:

Home | Main Index | Thread Index | Old Index