Clear-Text Patch? was: Re: OpenSSH 5.1: call for testing
Damien Miller
djm at mindrot.org
Wed Jul 9 10:54:39 EST 2008
On Tue, 8 Jul 2008, Curt, WE7U wrote:
> On Mon, 7 Jul 2008, Damien Miller wrote:
>
> > OpenSSH 5.1 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This release is one of
> > the biggest in recent years, with two hackathons' worth of improvements
> > and fixes for some of our most recalcitrant bugs.
>
> Does this version have the clear-text-after-authentication patch in
> it?
No - we have said repeatedly that we are not interested in adding support
for the "none" cipher.
> The amateur radio people still need this tweak in order to use
> OpenSSH over ham radio data links. The FCC does not allow
> encryption of data on our frequencies, but does allow encryption for
> authentication purposes.
I'm sorry about your government's stupid laws, but I think that there
is much potential for users to harm themselves if we were to add the
null cipher.
-d
More information about the openssh-unix-dev
mailing list