-c none option

Corinna Vinschen vinschen at redhat.com
Sat Dec 8 23:23:06 EST 2001


On Fri, Dec 07, 2001 at 03:40:27PM -0800, Jason Stone wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> >     The SSH2 protocol separated authentication and message integrity
> > from encryption.  As such, OpenSSH *should* be supporting None as an
> > encryption type while enforcing authenticated packets w/ hmac-md5 or
> > something similar. It isn't.
> 
> Also, many governments regulate the use of "cryptographic" algorithms, but
> not "authentication" algorithms.  In particular, for many years you could
> not export 56-bit DES implementations from the US, but you could export
> any MD5 or SHA1 implementation.
> 
> Supporting cipher=none with MAC'd packets might make it legal to use ssh
> in some countries where it couldn't otherwise be used, and while it would

Just because encryption implementations couldn't be exported from
the US, it doesn't mean they weren't available.  That would mean
that there were no developers outside of the US ;-)

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
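
The property the quoted text describes, integrity without confidentiality, as an added example that is not part of the original thread and is not OpenSSH code: it frames a payload as an SSH2 binary packet with no cipher and an hmac-md5 tag, using the packet layout and MAC input from RFC 4253 section 6. The function names, key and payload are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 8  # padding granularity RFC 4253 applies when no cipher is active


def build_packet(payload: bytes, seq: int, mac_key: bytes) -> bytes:
    """Frame payload as an SSH2 packet with cipher 'none' and append hmac-md5."""
    # length(4) + padding_length(1) + payload + padding must be a multiple
    # of BLOCK, with at least 4 bytes of padding.
    pad = BLOCK - ((5 + len(payload)) % BLOCK)
    if pad < 4:
        pad += BLOCK
    body = struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + os.urandom(pad)
    # mac = MAC(key, sequence_number || unencrypted_packet)
    tag = hmac.new(mac_key, struct.pack(">I", seq) + body, hashlib.md5).digest()
    return body + tag


def open_packet(wire: bytes, seq: int, mac_key: bytes) -> bytes:
    """Verify the MAC first, then return the payload; ValueError on mismatch."""
    body, tag = wire[:-16], wire[-16:]
    expected = hmac.new(mac_key, struct.pack(">I", seq) + body, hashlib.md5).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    length, pad = struct.unpack(">IB", body[:5])
    if length != len(body) - 4 or pad + 1 > length:
        raise ValueError("malformed packet")
    return body[5:len(body) - pad]


def is_rejected(wire: bytes, seq: int, mac_key: bytes) -> bool:
    try:
        open_packet(wire, seq, mac_key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = os.urandom(16)  # constructed; SSH derives this from the key exchange
    wire = build_packet(b"ls -l /tmp", 7, key)  # constructed payload
    print(b"ls -l /tmp" in wire)       # payload is readable on the wire
    print(open_packet(wire, 7, key))   # receiver accepts the intact packet
    tampered = wire[:5] + b"X" + wire[6:]
    print(is_rejected(tampered, 7, key))  # one changed byte fails the MAC
    print(is_rejected(wire, 8, key))      # wrong sequence number fails the MAC
```

With cipher none the MAC still binds each packet to its sequence number, but session contents, including anything typed after authentication, travel in the clear.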


