-c none option

Dan Kaminsky dan at doxpara.com
Tue Dec 11 12:44:19 EST 2001


> That is kinda like telling a cop in the US.. "I just bought the bong for
> decoration!  Honest!  I don't even smoke that stuff!" =)  It would go over
> like a lead brick.

Actually, ssh is in my mind the single best method for remote invocation of
commands, as well as TCP tunneling, encryption or not.  It is cross
platform, stable as hell, and well-authenticated.  It is probably the single
cleanest method of getting a remote shell with all terminal weirdness
handled.  Even if I had an ipsec-authenticated link to a remote site, I'd
*still* use SSH for a lot of my work.

That being said ... debugging isn't a compelling enough reason for -c none
to exist by default, and except for gigabit links -c arcfour is going to be
fast enough.  Whatever performance problems SSH is having, I doubt it's
because of the crypto.  So I'm pretty much convinced there shouldn't be a -c
none option by default, and I wasn't before.

But what about as a compile-time option, i.e. ./configure --with-null-crypto
?  It's the worst tendency of Microsoft to make an absolute policy statement
for the "benefit" of the user, despite substantial minority interest in the
contrary.  If the code for this were to drop on your doorstep, what then?

Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com





More information about the openssh-unix-dev mailing list