Clear-Text Patch? was: Re: OpenSSH 5.1: call for testing
rapier
rapier at psc.edu
Thu Jul 24 02:38:07 EST 2008
Dag-Erling Smørgrav wrote:
> rapier <rapier at psc.edu> writes:
>> Dag-Erling Smørgrav <des at des.no> writes:
>>> Depends on the context. I rarely use the "none" cipher, and haven't in
>>> a while, but it has always been on a trusted network, between two
>>> servers connected to the same switch. I would never use the "none"
>>> cipher over an untrusted link, even if only for "bulk data transport".
>> [...]
>> Also, I'm thinking that you actually do unencrypted bulk data transfer
>> over untrusted links. I know I just did it a few minutes ago when I
>> got the 5.1 OpenSSH distribution from a mirror site.
>
> This is a strawman. I did not claim that I never "do unencrypted bulk
> data transfer over untrusted links", only that I never use ssh with the
> "none" cipher over an untrusted link.
I'm sorry if it came across that way. It wasn't intentional and I'm
really not trying to start an argument. I was actually trying to make
the point that some data isn't seen as being important enough to
transfer encrypted. I personally feel that if data isn't worth
encrypting its not worth encrypting regardless of the transport
mechanism being used. Personally, I'd prefer if all data was encrypted
at all times as a matter of course. Unfortunately, thats just not
feasible with the current paradigms/infrastructure available. It
probably going to become less so over time to be honest.
More information about the openssh-unix-dev
mailing list