lists.openwall.net
Open Source and information security mailing list archives
 
Message-ID: <200406291829.i5TITPWh036677@mailserver2.hushmail.com>
From: full-disclosure at nym.hush.com (full-disclosure@....hush.com)
Subject: SSH vs. TLS

>So, what do you all think? Is SSH really that bad or are these
>requirements unreasonable? Is it really worth implementing TLS Telnet?

The requirements are perfect if you want to describe TLS and PKI.

>- SSH is not an IETF standard.
Why is this even an issue? It's an open protocol, and has been proven.
Furthermore, the commercial and open source ssh clients/servers have
likely been under more scrutiny than Telnet over TLS software.

>- SSH allows tunneling other protocols, circumventing firewall
>   policies.
SSH tunneling is a problem because the data is encrypted.  TLS encrypts
data, and other things can be tunneled over TLS, using the port for Telnet
over TLS.  Using TLS doesn't prevent circumvention of firewall policies
through tunneling.

>- There must be a mechanism to integrate both client and server keys
>   into LDAP.
Well, that's convenient, isn't it?

As for the other requirements, like you, I believe that Kerberos will
address those issues.  However, I've never implemented it and can't be
certain.

