Clear-Text Patch? was: Re: OpenSSH 5.1: call for testing
Dag-Erling Smørgrav
des at des.no
Thu Jul 24 02:17:08 EST 2008
rapier <rapier at psc.edu> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Depends on the context. I rarely use the "none" cipher, and haven't in
> > a while, but it has always been on a trusted network, between two
> > servers connected to the same switch. I would never use the "none"
> > cipher over an untrusted link, even if only for "bulk data transport".
> [...]
> Also, I'm thinking that you actually do unencrypted bulk data transfer
> over untrusted links. I know I just did it a few minutes ago when I
> got the 5.1 OpenSSH distribution from a mirror site.
This is a strawman. I did not claim that I never "do unencrypted bulk
data transfer over untrusted links", only that I never use ssh with the
"none" cipher over an untrusted link.
The authenticity and integrity of the tarball you downloaded can be
verified through other means; this is why the tarball is crypto-
graphically signed.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the openssh-unix-dev
mailing list