encrypt authentication credentials with payload in the clear?

David M. Williams d_wllms at lanl.gov
Fri Mar 14 07:44:50 EST 2003

Something for those in this conversation to note:  

Proposed language to update the Security Conciderations section of the 
core IETF drafts in the secsh-WG, (I added the underlining)

11.1 Confidentiality 

   This protocol does allow the encryption mechanism to be
   disabled.  Implementors _SHOULD be wary of exposing this_
   _feature for any purpose other than debugging_.  Users and
   administrators _SHOULD be explicitly warned anytime the_
   _"none" method is enabled_.


David M. Williams, CISSP		Phone: 505-665-8062
Systems Engineer, CCN-2			Fax:   505-667-7428
Los Alamos National Laboratory		Email: d_wllms at lanl.gov

More information about the openssh-unix-dev mailing list