Date:      Sun, 7 Jan 2001 16:27:00 -0000
From:      **1st Vamp** <wes@pmason.karoo.co.uk>
To:        security@FreeBSD.ORG
Subject:   Re: Antisniffer measures (digest of posts)
Message-ID:  <E14FIf6-0007P2-00@smtpout.kingston-internet.net>

True, very valid points, that's what I get for replying to mailing lists
when I'm barely awake from a long night of revision.

- Vamp


: On Sun, 7 Jan 2001, **1st Vamp** wrote:

:>      To: Wes Peters <wes@softweyr.com>
:>    Date: 07/01/2001, 12:45:09
:> Subject: Re: Antisniffer measures (digest of posts)
:>
:> Technically any SSL enabled telnet client wouldn't be that different from
:> using a normal telnet client through an SSL tunnel, such as stunnel,
:> although some bugs have been found in recent ports, and this is
:> technically no more secure than plain old SSH.

: I'm not sure I follow your argument -- if the SSL telnet properly
: evaluates X.509 certificates, and has preconfigured, trusted roots, then
: an SSL telnet does offer something that SSH does not have: the ability to
: connect to a new host without a manual keying procedure.  Given that the
: weakness currently widely touted as existing in SSH is really a failure to
: provide an automatic keying procedure (and users not knowing how to deal
: with that), it seems to be the case that in that regard, it really *is*
: more secure than plain old SSH.  Now, at least some of the SSL clients out
: there actually don't do this: for example, last time I looked at pine-SSL
: (a while ago), it performed no certificate checking, meaning it was quite
: subject to a man-in-the-middle attack, and unlike most versions of SSH,
: would not display any warning indicating the potential for one. However, a
: properly written and configured SSL client should not do this.

: Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
: robert@fledge.watson.org      NAI Labs, Safeport Network Services
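
The contrast drawn in the quoted reply, between a client that evaluates X.509 certificates against preconfigured trusted roots and one that performs no certificate checking, shown as an added example that is not part of the original thread. Python's standard `ssl` module stands in for an SSL telnet client here, and the function names are hypothetical.

```python
import socket
import ssl


def verifying_context(cafile=None):
    """Client context that validates the server's chain and its host name.

    Trusted roots come from the system store, or from `cafile` if given.
    """
    return ssl.create_default_context(cafile=cafile)


def unchecked_context():
    """Constructed 'no certificate checking' case: the session is encrypted,
    but any certificate is accepted, so the peer is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be switched off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx):
    """Return the ways this context leaves a client open to a man in the middle."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("host name not checked: a certificate issued "
                        "for another host is accepted")
    return findings


def connect(host, port, ctx, timeout=5.0):
    """Open a TLS connection and return the negotiated protocol version.

    With verifying_context() the handshake raises
    ssl.SSLCertVerificationError for an untrusted or mismatched certificate;
    with unchecked_context() it completes silently.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    for name, ctx in (("verifying", verifying_context()),
                      ("unchecked", unchecked_context())):
        print(name, audit(ctx) or "no findings")
```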





