RE: New version of rsa-sha2-512 draft posted: no more DSA

To: denis bider <ietf-ssh3%denisbider.com@localhost>
Subject: RE: New version of rsa-sha2-512 draft posted: no more DSA
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Sat, 7 Nov 2015 03:46:03 +0000

denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>I was wondering how much SSH there is on embedded devices. I'm glad to hear
>you have that covered. :-)

A surprising amount, a lot of stuff that used to be done via a serial console
just got wrapped in SSH when the devices were Internet-enabled.  It means you
can keep using the same tools you've always used (TLS-protected web interfaces
may look cool on consumer devices, and there's some use coming in SCADA, but
you can't script them or manage them easily with standard tools).

The downside is that I've got workarounds for 15-year-old implementation bugs
still active in my code, because the software gets updated as infrequently as
the hardware, and the standards-conformance test for any SSH implementation is
"will putty connect to it?".

OK, drifting off-topic there :-).

Hmm, I wonder if it'd be worth doing a profile of SSH for embedded use?  It'd
certainly help clear some interop headaches, and give the SCADA folks a target
to aim for.

Peter.

Follow-Ups:
- Re: New version of rsa-sha2-512 draft posted: no more DSA
  - From: Niels Möller

References:
- Re: New version of rsa-sha2-512 draft posted: no more DSA
  - From: denis bider

Prev by Date: DH group exchange (Re: SSH key algorithm updates)
Next by Date: Re: DH group exchange (Re: SSH key algorithm updates)
Previous by Thread: Re: New version of rsa-sha2-512 draft posted: no more DSA
Next by Thread: Re: New version of rsa-sha2-512 draft posted: no more DSA
Indexes:

Home | Main Index | Thread Index | Old Index