encrypt authentication credentials with payload in the clear?
David M. Williams
d_wllms at lanl.gov
Fri Mar 14 07:44:50 EST 2003
Something for those in this conversation to note:
Proposed language to update the Security Conciderations section of the
core IETF drafts in the secsh-WG, (I added the underlining)
11.1 Confidentiality
This protocol does allow the encryption mechanism to be
disabled. Implementors _SHOULD be wary of exposing this_
_feature for any purpose other than debugging_. Users and
administrators _SHOULD be explicitly warned anytime the_
_"none" method is enabled_.
Dave
--
David M. Williams, CISSP Phone: 505-665-8062
Systems Engineer, CCN-2 Fax: 505-667-7428
Los Alamos National Laboratory Email: d_wllms at lanl.gov
More information about the openssh-unix-dev
mailing list