Clear-Text Patch? was: Re: OpenSSH 5.1: call for testing

rapier rapier at psc.edu
Thu Jul 24 02:38:07 EST 2008



Dag-Erling Smørgrav wrote:
> rapier <rapier at psc.edu> writes:
>> Dag-Erling Smørgrav <des at des.no> writes:
>>> Depends on the context.  I rarely use the "none" cipher, and haven't in
>>> a while, but it has always been on a trusted network, between two
>>> servers connected to the same switch.  I would never use the "none"
>>> cipher over an untrusted link, even if only for "bulk data transport".
>> [...]
>> Also, I'm thinking that you actually do unencrypted bulk data transfer
>> over untrusted links. I know I just did it a few minutes ago when I
>> got the 5.1 OpenSSH distribution from a mirror site.
> 
> This is a strawman.  I did not claim that I never "do unencrypted bulk
> data transfer over untrusted links", only that I never use ssh with the
> "none" cipher over an untrusted link.

I'm sorry if it came across that way. It wasn't intentional and I'm 
really not trying to start an argument. I was actually trying to make 
the point that some data isn't seen as being important enough to 
transfer encrypted. I personally feel that if data isn't worth 
encrypting it's not worth encrypting regardless of the transport
mechanism being used. Personally, I'd prefer if all data was encrypted
at all times as a matter of course. Unfortunately, that's just not
feasible with the current paradigms/infrastructure available. It's
probably going to become less so over time to be honest.

