[Bug 877] ssh 3.8.1p1 client cannot disable encryption with "-c none"
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Jun 8 06:27:51 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=877
------- Additional Comments From mohit_aron at hotmail.com 2004-06-08 06:27 -------
> 1) how much faster is "none" compared to "arcfour"?
You guys have the numbers - as long as its faster I want to use it. Like I said
its painful forwarding X over the Internet, I'd like to get as much performance
as I can.
> 2) not having "none" makes it harder for people to send plaintext by accident
Not having "none" makes it impossible for everyone to send plaintext - this
hurts people who know what they are doing.
> 3) you still have to use integrity protection
Not in situations where its not needed. If I'm transferring a data file
containing a public domain rpm, I'm happy with the integrity that tcp
checksumming offers.
> 4) it's too easy to screw up the ipsec setup
Are you saying its too easy to compromise IPsec security ? As long as I trust
the security offered by my VPN, I want to use plaintext ssh channels over it.
> 5) sshd cannot tell whether the connection is protected by ipsec.
So should sshd enforce security even when connection IS protected by ipsec ?
I think not - that decision should be left to the user.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list