Message-ID: <200406291829.i5TITPWh036677@mailserver2.hushmail.com>
From: full-disclosure at nym.hush.com (full-disclosure@....hush.com)
Subject: SSH vs. TLS
>So, what do you all think? Is SSH really that bad or are these
>requirements unreasonable? Is it really worth implementing TLS Telnet?

The requirements are perfect if you want to describe TLS and PKI.

>- SSH is not an IETF standard.

Why is this even an issue? It's an open protocol, and has been proven.
Furthermore, the commercial and open source ssh clients/servers have
likely been under more scrutiny than Telnet over TLS software.

>- SSH allows tunneling other protocols, circumventing firewall
> policies.

SSH tunneling is a problem because the data is encrypted. TLS encrypts
data, and other things can be tunneled over TLS, using the port for Telnet
over TLS. Using TLS doesn't prevent circumvention of firewall policies
through tunneling.

>- There must be a mechanism to integrate both client and server keys
> into LDAP.

Well, that's convenient, isn't it?

As for the other requirements, like you, I believe that Kerberos will
address those issues. However, I've never implemented it and can't be
certain.