encrypt authentication credentials with payload in the clear?

Scott Bolte listS+openssh-unix-dev at niss.com
Wed Mar 5 13:39:54 EST 2003

On Tue, 4 Mar 2003 10:16:11 -0600 (CST), Ben Lindstrom wrote:
> Stupidity comes in many forms.  By weakening their security they think
> they are improving it.  ...

	I agree that they are taking a risk in this case. However,
	they do have a point. When all traffic is encrypted, it
	benefits those with malicious intent as much as legitimate
	users. Statistical process controls to detect aberrant
	behavior is pretty weak detection.

> <shrug> Do what most sane people do.  Discuss the concept of a basin.  So
> at least your encrypted all the way into their network.  Then you can use
> whatever bridge method you like from there.

	Sorry, I thought I had mentioned that earlier. That is what
	we do. Connections from our network to their network is
	over VPN. It is only after we surface from the VPN concentrator
	on their network that the ssh encryption becomes an issue.


	P.S. Btw, an interesting set of observations wrt privacy
	can be found in David Brin's "The Transparent Society"
	(http://www.kithrup.com/brin/tschp1.html) A must read for
	anyone interested in issues of privacy.

More information about the openssh-unix-dev mailing list