North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: RSA Patent Expired
- From: Bora Akyol
- Date: Thu Oct 05 13:09:38 2000
openssh source may be free but some of the libraries that it requires are
GPLd. This causes problems for including the ssh code on routers etc.
If I am mistaken, please email me privately, I would be glad to learn more
----- Original Message -----
From: "Joe Shaw" <email@example.com>
To: "Richard A. Steenbergen" <firstname.lastname@example.org>
Cc: "Richard Welty" <email@example.com>; "Bill Fumerola"
<firstname.lastname@example.org>; "Hendrik Visage" <email@example.com>; "Bradly Walters"
Sent: Thursday, October 05, 2000 8:41 AM
Subject: RE: RSA Patent Expired
> On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:
> > > except that nobody should be using ssh1 for _anything_ if they can
> > > possibly avoid it. even the orginal authors of ssh are strongly
> > > advocating
> > > consigning ssh1 to the trash heap of computer security.
> > I think you're confused, ssh1 is still a very valid protocol. It is well
> > tested and proven, and in many cases better implemented then ssh2
> > of course that may change eventually). Don't confuse the desire to make
> > money with insecurity.
> No, he's not confused. Supposedly, using any algorithm other than 3DES
> with SSH1 can set you up for some type of stream insertion attack. I've
> never seen it personally, but supposedly the threat does exist.
> Furthermore, OpenSSH supports ssh2 and is free, in both the free beer and
> the free speech way. The BSD license is cool like that.
> Joseph W. Shaw - firstname.lastname@example.org
> Computer Security Consultant and Programmer
> Free UNIX advocate and all around nice guy.