Home page logo
/

nanog logo nanog mailing list archives

RE: RSA Patent Expired
From: woods () weird com (Greg A. Woods)
Date: Wed, 4 Oct 2000 20:59:23 -0400 (EDT)


[ On Wednesday, October 4, 2000 at 19:43:55 (-0400), Richard A. Steenbergen wrote: ]
Subject: RE: RSA Patent Expired

I think you're confused, ssh1 is still a very valid protocol. It is well
tested and proven, and in many cases better implemented then ssh2 (though 
of course that may change eventually). Don't confuse the desire to make
money with insecurity.

It's not that the draft version of the SSH protocol is by design
insecure, but rather that it is somewhat broken when faced with
real-world requirements -- the design completely omits at least one very
critial requirement!  The fact that it works as well as it does is a
testament both to the ingenuity of its implementors and to the relative
reliability of the Internet as a whole.

(That's not to slight the initial design as "poor" either -- it was a
very ambitious undertaking and some things just had to wait until a
proof of concept turned into an indispensable tool!  I still use it
primarily today and I am only now slowly beginning a transition to
SSHv2.)

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>      <robohack!woods>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]