Date: Mon, 25 Sep 2000 11:41:21 -0400
From: "Brian F. Feldman" <green@FreeBSD.org>
To: Scot Elliott <scot@london.sparza.com>
Cc: CrazZzy Slash <slash@krsu.edu.kg>, Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.org, Peter Pentchev <roam@orbitel.bg>
Subject: Re: Encryption over IP
Message-ID: <200009251541.e8PFfM549719@green.dyndns.org>
In-Reply-To: Message from Scot Elliott <scot@london.sparza.com> of "Mon, 25 Sep 2000 11:04:04 BST." <Pine.GSO.4.21.0009251101570.7006-100000@hagop.london.sparza.com>

> As a friend pointed out to me recently, long term SSH connections that
> move a lot of data are probably not very secure, as the SSH protocol does
> not re-generate its encryption keys unlike something like IPSec...

So, weigh that into your decision of whether SSH is appropriate or not; are people on the inside going to be actively attempting a chosen-plaintext or known-plaintext attack? A long term SSH connection which only you have control over should really not have any need for rekeying; the stream should not be able to be known by anyone else in its unencrypted form nor should it be able to be modified at will before transport.

For using SSH as an anonymous tunnel in hostile environments, I'd definitely want to know it was rekeying at a decent interval.

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message