Date: Mon, 3 Jan 2000 23:49:30 +0100 From: Markus Friedl <markus.friedl@informatik.uni-erlangen.de> To: David Rankin <drankin@bohemians.lexington.ky.us> Cc: Brian Fundakowski Feldman <green@FreeBSD.org>, "Michael H. Warfield" <mhw@wittsend.com>, Dug Song <dugsong@monkey.org>, security@FreeBSD.org, openssh-unix-dev@mindrot.org Subject: Re: OpenSSH protocol 1.6 proposal Message-ID: <20000103234930.A10240@folly.informatik.uni-erlangen.de> In-Reply-To: <20000103092733.B3780@rumpole.bohemians.lexington.ky.us> References: <20000102151208.A21548@folly.informatik.uni-erlangen.de> <Pine.BSF.4.10.10001021441330.8076-100000@green.dyndns.org> <20000103092733.B3780@rumpole.bohemians.lexington.ky.us>
next in thread | previous in thread | raw e-mail | index | archive | help
I hope this is my last mail on this subject. All this discussion about SSH2 misses the fact that we are talking about a security product, so 'features' should not be overrated. Especially for ssh it should be remembered that "complexity is the enemy". You almost get my SSH1.6 for free. The patches consist of minor modifications that are supposed to makes SSH1 much more secure. Compare the code size of OpenSSH (~ 20.000 lines) with the code size of ssh-2.0.1x (~ 100.000 lines), an incarnation of SSH2. Do secure protocols leed to secure implementations? Security is also about trust. SSH1 is old, stable, venerable, widely used, reviewed and testetd. Thus it consists of trusted code. Minor modifications, e.g. SSH1.6, should not reduce trust. But what happens with major modifications, i.e. SSH2? Can you still trust the code? Or can you trust an entirely new implementation of a complex protocol? Wrt 'features': SSH1 has some support for challenge/response authentication, OpenSSH does s/key within the SSH1 framework. Wrt OpenSSH 2: I don't think we need a special mailing-list. If you know of the internals of OpenSSH and/or the SecSH-drafts and want to help implement SSH2, send private mail to me and I'll share my code fragements. But it's too soon for publication. If you want an implementation that does not use the old code: LSH speaks SSH2. cheers, -markus To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000103234930.A10240>