From owner-freebsd-hackers Sat Dec 23 3:15:40 2000 From owner-freebsd-hackers@FreeBSD.ORG Sat Dec 23 03:15:38 2000 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from ducky.nz.freebsd.org (ns1.unixathome.org [203.79.82.27]) by hub.freebsd.org (Postfix) with ESMTP id 925C437B400 for ; Sat, 23 Dec 2000 03:15:37 -0800 (PST) Received: from wocker (wocker.int.nz.freebsd.org [192.168.0.99]) by ducky.nz.freebsd.org (8.9.3/8.9.3) with ESMTP id AAA16241; Sun, 24 Dec 2000 00:14:18 +1300 (NZDT) Message-Id: <200012231114.AAA16241@ducky.nz.freebsd.org> From: "Dan Langille" Organization: langille.org To: opentrax@email.com Date: Sun, 24 Dec 2000 00:14:17 +1300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: ssh - are you nuts?!? Reply-To: dan@langille.org Cc: freebsd-hackers@FreeBSD.ORG Priority: normal In-reply-to: <200012231000.CAA21431@spammie.svbug.com> References: <200012230032.NAA13382@ducky.nz.freebsd.org> X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 23 Dec 2000, at 2:00, opentrax@email.com wrote: > On 23 Dec, Dan Langille wrote: > > On 23 Dec 2000, at 13:25, David Preece wrote: > > > >> At 15:37 22/12/00 -0800, you wrote: > >> > >> >The question asked is: why you believe ssh is beter > >> >than say telnet. Or what advantages SSH has in general. > >> > >> Sorry, don't have time to reply to this properly. > >> > >> The main evil of ssh is that server authentication is not enforced, making > >> mounting a man-in-the-middle attack basically trivial. > > > > It is possible. It is not trivial. > > > What leads you to believe that it's not trival? You are the one claiming it is trivial. The onus is on you to prove your own claim. Or conversely, prove me wrong. I'm not feeding you. -- Dan Langille The FreeBSD Diary - http://freebsddiary.org/ FreshPorts - http://freshports.org/ NZ Broadband - http://unixathome.org/broadband/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message