Re: updated transport & userauth drafts

To: Wei Dai <weidai%eskimo.com@localhost>
Subject: Re: updated transport & userauth drafts
From: RJ Atkinson <rja%extremenetworks.com@localhost>
Date: Fri, 1 Mar 2002 20:06:30 -0500


On Friday, March 1, 2002, at 07:06 , Wei Dai wrote:

I don't understand why we would want to standardize
on a weak protocol. If there is no consensus on a solution,
wouldn't it be better to wait until there is one?


There is clear consensus that SSHv2 in its current form requires
a lot more work for an adversary than the other available
alternatives.  The goal here is practical risk reduction,
not perfect security.  So we take what is practical to get
today (i.e. the current spec) and we can always update it
with additional new algorithsm later (if those algorithms
still look interesting after adequate Real Cryptographer(tm)
peer review).

Ran
rja%extremenetworks.com@localhost

References:
- Re: updated transport & userauth drafts
  - From: Wei Dai

Prev by Date: Re: updated transport & userauth drafts
Next by Date: Re: updated transport & userauth drafts
Previous by Thread: Re: updated transport & userauth drafts
Next by Thread: Re: updated transport & userauth drafts
Indexes:

Home | Main Index | Thread Index | Old Index