[31657] in North American Network Operators' Group
RE: RSA Patent Expired
daemon@ATHENA.MIT.EDU (Greg A. Woods)
Wed Oct 4 21:01:59 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: woods@weird.com (Greg A. Woods)
To: nanog@merit.edu
In-Reply-To: <Pine.BSF.4.21.0010041939571.373-100000@overlord.e-gerbil.net>
Reply-To: woods@weird.com (Greg A. Woods)
Message-Id: <20001005005923.EEB4E4@proven.weird.com>
Date: Wed, 4 Oct 2000 20:59:23 -0400 (EDT)
Errors-To: owner-nanog-outgoing@merit.edu
[ On Wednesday, October 4, 2000 at 19:43:55 (-0400), Richard A. Steenbergen wrote: ]
> Subject: RE: RSA Patent Expired
>
> I think you're confused, ssh1 is still a very valid protocol. It is well
> tested and proven, and in many cases better implemented then ssh2 (though
> of course that may change eventually). Don't confuse the desire to make
> money with insecurity.
It's not that the draft version of the SSH protocol is by design
insecure, but rather that it is somewhat broken when faced with
real-world requirements -- the design completely omits at least one very
critial requirement! The fact that it works as well as it does is a
testament both to the ingenuity of its implementors and to the relative
reliability of the Internet as a whole.
(That's not to slight the initial design as "poor" either -- it was a
very ambitious undertaking and some things just had to wait until a
proof of concept turned into an indispensable tool! I still use it
primarily today and I am only now slowly beginning a transition to
SSHv2.)
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
