tech-security: The Talk: ssh

Subject: The Talk: ssh - are you nuts!?!
To: None <tech@openbsd.org>
From: None <opentrax@email.com>
List: tech-security
Date: 01/04/2001 03:29:32
			SSH - are you nuts!?!
			by Jesus Monroy, Jr.

I'm too tired to get this out, but i promised it would
be available, so here it is.

The Offical Part
----------------
On Jan. 4, 2001, a talk entitled "ssh - are you nuts!?!"
will be given at the SVBUG (Silicon Valley BSD User Group)
monthly meeting by Club President Jesse Monroy, Jr.
Details available at:

	http://www.svbug.com/events/


My part
-------
Today at 7:45pm (local time) this talk will start.
People say I'm nuts, sometimes I think they are
right. Currently, I've heard hundreds of points
of views, read dozens of papers, and comtemplated
solutions with vicious circles. Two days before
Christmas I related this to my brother-in-law,
a Havard/Yale/Cambridge MBA. His response was,
"Builds character."; hmm.. Thanks.

Other club presidents ask me, "Are you serious
about this?" My business partner expressed, just 
after Christmas, "Is this worth it?"  I'll admit, 
at times, this whole thing has been a bit crazy.

So as I've said today at 7:45pm local time, here
in Silicon Valley, I will be speaking. 
The title is "SSH - are you nuts!?!"

What do I mean by this? Well to get exactly what
I mean you may:

1) Come to the talk. Details are available at:
	http://www.svbug.com/events/
2) See my notes after the talk - posted to:
	http://www.svbug.com/past/
3) Or see the event with on-line video
   when it's available later this year.

For those you you interested, below are selected points from my talk.
-------------------------------------------------------------------
-What I won't  be saying
	-SSH is evil.
	-SSH is useless.
	-SSH is a bad idea.
	-Authentication/Encryption is a hoax or does not work.
	-Public Key Encryption does not work. (I have no proof.)
	-I can break Public Key Encryption. (At least, not now.)
	-I USE SSH. (1 or 2)
	-I never intend to use SSH.
	-My systems have never been compromised.
-My frame of reference
-What I will be saying
	-Voice my personal complaints
	-Expose encryption/security myths
	-Investigate the technical specs/issues
	-Investigage Technical, Social, Economic, Financial Problems
	-Investigate attackers and attacks
	-Tell you where to get SSH
	-Showing alternatives
-Why I'm doing this
-My Personal Complaints
-What people have to say
-SSHv1 vs. SSHv2
-SSHv2 Features
-The SSH Specs (the problems within)
-Authentication/Encryption - Two methods to argue
	-can never be broken
	-can always be broken
-SSH(v2) Faults
	-New Technical problems it creates
	-Technical Problems outside of SSH control
	-There are common misconceptions about it's functionality
	-Social Problems
        -Economic Problems
	-Financial Problems
	-Still Subject to ...
-Who wants your data
-What is the Man-In-The-Middle
-Your Governments Involvement
-What SSH programs there are
-What alternatives you have
	-Start with a Strategem
	-Technical Prevention
	-Technical Counter Measures
-Last words