IETF-SSH archive

Re: potential disclaimer for the transport draft.
On Tue, Mar 19, 2002 at 09:16:44AM -0500, Bill Sommerfeld wrote:
> > On any particular system, it's probably not the biggest hole, but it
> > quite likely is the biggest hole on *some* real-world systems.
> 
> I think you severely underestimate how many latent undiscovered
> security holes are out there at the moment.. I don't think we have
> *any* reason to believe that.

Ok, let me rephrase that: it quite likely is the biggest *known* hole on
some real-world systems. The point remains that we can't be confident that
it's not a threat to any real-world system.

> We haven't decided on the fix.  If we choose to fix the problem by
> introducing new ciphers, the document which specifies them can
> deprecate the old ciphers.  We could investigate new ciphers,
> determine we can't agree on the right ones, and fall back to fixing
> the problem some other way (i.e., start each block of ciphertext with
> an SSH_MSG_IGNORE).

Regarding the parenthetical suggestion, I thought each SSH packet can
contain only one message. Is that incorrect?
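The question above turns on how the SSH binary packet is framed. As an added example (not code from this thread or from any SSH implementation), the following Python frames payloads the way the transport draft lays packets out: uint32 packet_length, byte padding_length, payload, random padding, then the MAC. The payload of one packet is one message, whose first byte is the message number, so "start each block of ciphertext with an SSH_MSG_IGNORE" can only mean emitting a separate SSH_MSG_IGNORE packet in front of each real packet. Assumptions: a cipher block size of 8, the MAC omitted, and the SSH_MSG_DEBUG payload used as sample data is constructed for the example.

```python
import os
import struct
from typing import List, Optional, Tuple

# Message numbers from the SSH transport protocol.
SSH_MSG_IGNORE = 2
SSH_MSG_DEBUG = 4


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def build_packet(payload: bytes, block_size: int = 8,
                 pad_byte: Optional[bytes] = None) -> bytes:
    """Frame exactly one message payload as an SSH binary packet (MAC omitted).

    Layout: uint32 packet_length | byte padding_length | payload | padding.
    packet_length counts everything after itself, excluding the MAC.
    The padded packet (including the length field) must be a multiple of the
    block size, with at least four bytes of padding.
    """
    head = 4 + 1 + len(payload)            # length field + padding_length byte + payload
    padding_length = block_size - (head % block_size)
    if padding_length < 4:
        padding_length += block_size
    # Padding must be random on the wire; a fixed pad_byte exists only for deterministic tests.
    padding = os.urandom(padding_length) if pad_byte is None else pad_byte * padding_length
    packet_length = 1 + len(payload) + padding_length
    return struct.pack(">IB", packet_length, padding_length) + payload + padding


def ignore_packet(data: bytes = b"", block_size: int = 8) -> bytes:
    """A complete packet carrying SSH_MSG_IGNORE (byte 2, then string data)."""
    payload = bytes([SSH_MSG_IGNORE]) + ssh_string(data)
    return build_packet(payload, block_size)


def with_ignore_prefix(payloads: List[bytes], block_size: int = 8) -> bytes:
    """Emit an SSH_MSG_IGNORE packet immediately before each real packet.

    Because a packet carries one message, the 'ignore' must be its own packet;
    it cannot share a packet with the message that follows it.
    """
    out = b""
    for payload in payloads:
        out += ignore_packet(block_size=block_size) + build_packet(payload, block_size)
    return out


def parse_packets(stream: bytes) -> List[Tuple[int, bytes]]:
    """Split an unencrypted packet stream into (message_number, payload) per packet."""
    messages = []
    offset = 0
    while offset < len(stream):
        (packet_length,) = struct.unpack(">I", stream[offset:offset + 4])
        padding_length = stream[offset + 4]
        payload_end = offset + 4 + packet_length - padding_length
        payload = stream[offset + 5:payload_end]
        messages.append((payload[0], payload))
        offset += 4 + packet_length
    return messages


# Constructed sample: an SSH_MSG_DEBUG message (byte 4, boolean, string, string).
SAMPLE_DEBUG = bytes([SSH_MSG_DEBUG, 1]) + ssh_string(b"hi") + ssh_string(b"")

if __name__ == "__main__":
    stream = with_ignore_prefix([SAMPLE_DEBUG])
    for number, payload in parse_packets(stream):
        print(number, payload.hex())
```

Running the block prints two packets, message 2 followed by message 4, each padded to a multiple of eight bytes; the ignore message never appears inside the debug packet's payload.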