encrypt authentication credentials with payload in the clear?
Scott Bolte
listS+openssh-unix-dev at niss.com
Wed Mar 5 13:39:54 EST 2003
On Tue, 4 Mar 2003 10:16:11 -0600 (CST), Ben Lindstrom wrote:
>
> Stupidity comes in many forms. By weakening their security they think
> they are improving it. ...

I agree that they are taking a risk in this case. However,
they do have a point. When all traffic is encrypted, it
benefits those with malicious intent as much as legitimate
users. Statistical process controls to detect aberrant
behavior are pretty weak detection.

> <shrug> Do what most sane people do. Discuss the concept of a basin. So
> at least you're encrypted all the way into their network. Then you can use
> whatever bridge method you like from there.

Sorry, I thought I had mentioned that earlier. That is what
we do. Connections from our network to their network are
over VPN. It is only after we surface from the VPN concentrator
on their network that the ssh encryption becomes an issue.

Scott

P.S. Btw, an interesting set of observations wrt privacy
can be found in David Brin's "The Transparent Society"
(http://www.kithrup.com/brin/tschp1.html) A must read for
anyone interested in issues of privacy.