encrypt authentication credentials with payload in the clear?
Scott Bolte
listS+openssh-unix-dev at niss.com
Fri Mar 7 00:11:54 EST 2003
On Wed, 5 Mar 2003 09:47:19 -0500, "Loomis, Rip" wrote:
...
> If SSH did support a mode where authentication information was
> encrypted but terminal sessions were not, it would satisfy a
> real world requirement IMHO. What's not clear, though, is whether
> that requirement is worth satisfying in the "stock" portable
> OpenSSH.
>
> ...
>
> That's a valid concern--as I said, though, the places that want
> this sort of functionality generally have a good reason (either
> legal, or based on a full-up risk and threat assessment) why they
> want to collect it. It might seem strange, but it does happen.
One reason I really want it in the 'stock' OpenSSH is because
it enables a migration path. We can satisfy an organization
whose current mindset requires monitorable traffic. Then,
as we educate them as to the risks they are taking, and
address their other requirements in a more elegant manner,
we move them towards a more secure use of ssh.
Scott