Clear-Text Patch? was: Re: OpenSSH 5.1: call for testing

Dag-Erling Smørgrav des at des.no
Thu Jul 24 02:17:08 EST 2008


rapier <rapier at psc.edu> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Depends on the context.  I rarely use the "none" cipher, and haven't in
> > a while, but it has always been on a trusted network, between two
> > servers connected to the same switch.  I would never use the "none"
> > cipher over an untrusted link, even if only for "bulk data transport".
> [...]
> Also, I'm thinking that you actually do unencrypted bulk data transfer
> over untrusted links. I know I just did it a few minutes ago when I
> got the 5.1 OpenSSH distribution from a mirror site.

This is a strawman.  I did not claim that I never "do unencrypted bulk
data transfer over untrusted links", only that I never use ssh with the
"none" cipher over an untrusted link.

The authenticity and integrity of the tarball you downloaded can be
verified through other means; this is why the tarball is
cryptographically signed.

DES
-- 
Dag-Erling Smørgrav - des at des.no


More information about the openssh-unix-dev mailing list