[ On Wednesday, October 4, 2000 at 19:43:55 (-0400), Richard A. Steenbergen wrote: ]
Subject: RE: RSA Patent Expired
I think you're confused, ssh1 is still a very valid protocol. It is well tested and proven, and in many cases better implemented then ssh2 (though of course that may change eventually). Don't confuse the desire to make money with insecurity.
It's not that the draft version of the SSH protocol is by design insecure, but rather that it is somewhat broken when faced with real-world requirements -- the design completely omits at least one very critial requirement! The fact that it works as well as it does is a testament both to the ingenuity of its implementors and to the relative reliability of the Internet as a whole. (That's not to slight the initial design as "poor" either -- it was a very ambitious undertaking and some things just had to wait until a proof of concept turned into an indispensable tool! I still use it primarily today and I am only now slowly beginning a transition to SSHv2.) -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>