IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: updated transport & userauth drafts




On Friday, March 1, 2002, at 07:06 , Wei Dai wrote:
I don't understand why we would want to standardize
on a weak protocol. If there is no consensus on a solution,
wouldn't it be better to wait until there is one?

There is clear consensus that SSHv2 in its current form requires
a lot more work for an adversary than the other available
alternatives.  The goal here is practical risk reduction,
not perfect security.  So we take what is practical to get
today (i.e. the current spec) and we can always update it
with additional new algorithsm later (if those algorithms
still look interesting after adequate Real Cryptographer(tm)
peer review).

Ran
rja%extremenetworks.com@localhost




Home | Main Index | Thread Index | Old Index