From: "Robert E. Seastrom" <rs@seastrom.com>
Date: Thu, 12 Jun 2008 21:15:49 -0400
Randy Bush <randy@psg.com> writes:
and for those of us who are addicted to simple rsync, or whatever over ssh, you should be aware of the really bad openssh windowing issue.
As a user of hpn-ssh for years, I have to wonder if there is any reason (aside from the sheer cussedness for which Theo is infamous) that the window improvements at least from hpn-ssh haven't been backported into mainline openssh? I suppose there might be portability concerns with the multithreaded ciphers, and there's certainly a good argument for not supporting NONE as a cipher type out of the box without a recompile, but there's not much excuse for the fixed size tiny buffers - I mean, it's 2008 already...
Theo is known for his amazing stubbornness, but for areas involving security and cryptography, I find it hard to say that his conservatism is excessive. Crypto is hard and often it is very non-intuitive. I remember the long discussions on entropy harvesting and seeding in FreeBSD which fortunately has cryptography professionals who could pick every nit and make sure FreeBSD did not end up with Debian-type egg all over its virtual face. Then again, the tiny buffers are silly and I can't imagine any possible security issue there.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751