[31669] in North American Network Operators' Group
Re: RSA Patent Expired
daemon@ATHENA.MIT.EDU (Bora Akyol)
Thu Oct 5 13:08:45 2000
Message-ID: <000d01c02eee$93572570$ee3710ac@DL100779>
From: "Bora Akyol" <akyol@akyol.org>
To: "Joe Shaw" <jshaw@insync.net>,
"Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: "Richard Welty" <rwelty@vpnet.com>,
"Bill Fumerola" <billf@chimesnet.com>,
"Hendrik Visage" <hvisage@is.co.za>,
"Bradly Walters" <bwalters@inet-direct.com>, <nanog@merit.edu>
Date: Thu, 5 Oct 2000 10:06:13 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
openssh source may be free but some of the libraries that it requires are
GPLd. This causes problems for including the ssh code on routers etc.
If I am mistaken, please email me privately, I would be glad to learn more
about this.
Bora
----- Original Message -----
From: "Joe Shaw" <jshaw@insync.net>
To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: "Richard Welty" <rwelty@vpnet.com>; "Bill Fumerola"
<billf@chimesnet.com>; "Hendrik Visage" <hvisage@is.co.za>; "Bradly Walters"
<bwalters@inet-direct.com>; <nanog@merit.edu>
Sent: Thursday, October 05, 2000 8:41 AM
Subject: RE: RSA Patent Expired
>
>
> On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:
>
> > > except that nobody should be using ssh1 for _anything_ if they can
> > > possibly avoid it. even the orginal authors of ssh are strongly
> > > advocating
> > > consigning ssh1 to the trash heap of computer security.
> >
> > I think you're confused, ssh1 is still a very valid protocol. It is well
> > tested and proven, and in many cases better implemented then ssh2
(though
> > of course that may change eventually). Don't confuse the desire to make
> > money with insecurity.
>
> No, he's not confused. Supposedly, using any algorithm other than 3DES
> with SSH1 can set you up for some type of stream insertion attack. I've
> never seen it personally, but supposedly the threat does exist.
>
> Furthermore, OpenSSH supports ssh2 and is free, in both the free beer and
> the free speech way. The BSD license is cool like that.
>
> --
> Joseph W. Shaw - jshaw@insync.net
> Computer Security Consultant and Programmer
> Free UNIX advocate and all around nice guy.
>
>
