tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: disable HPN in sshd for the -10 branch?



On May 3, 13:00, Greg Troxel wrote:
} mlelstv%serpens.de@localhost (Michael van Elst) writes:
} 
} > Part of the HPN patches is to optionally strip encryption (and now even
} > integrity checks) for the data transfer. Doesn't fit into what
} > the OpenSSH people want, not even as an option.
} 
} I would say that doesn't really fit with what we want either, certainly
} without somebody really trying.  It breaks the rule that using ssh can
} count on confidentiality and integrity and makes systems with ssh as  a
} component harder to reason about.

     I would say it is something that should be available as an
option (likely a command line option).  ssh/scp has pretty much
completely replaced rsh/rcp (other than for people that go out of
their way to use those); however, there are many things that get
copied around that are completely public where encrypting them for
data transfer is useless overhead.  That said you likely still want
passwords encrypted and integrity checks.

}-- End of excerpt from Greg Troxel


Home | Main Index | Thread Index | Old Index