Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: RSA Patent Expired

  • From: Greg A. Woods
  • Date: Wed Oct 04 21:04:04 2000

[ On Wednesday, October 4, 2000 at 19:43:55 (-0400), Richard A. Steenbergen wrote: ]
> Subject: RE: RSA Patent Expired
>
> I think you're confused, ssh1 is still a very valid protocol. It is well
> tested and proven, and in many cases better implemented then ssh2 (though 
> of course that may change eventually). Don't confuse the desire to make
> money with insecurity.

It's not that the draft version of the SSH protocol is by design
insecure, but rather that it is somewhat broken when faced with
real-world requirements -- the design completely omits at least one very
critial requirement!  The fact that it works as well as it does is a
testament both to the ingenuity of its implementors and to the relative
reliability of the Internet as a whole.

(That's not to slight the initial design as "poor" either -- it was a
very ambitious undertaking and some things just had to wait until a
proof of concept turned into an indispensable tool!  I still use it
primarily today and I am only now slowly beginning a transition to
SSHv2.)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.