lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040629233846.GA10991@mail.braingia.org>
From: fulld-nospam at braingia.org (Steve)
Subject: SSH vs. TLS

On Tue, Jun 29, 2004 at 09:20:11AM -0600, dante@...ethought.net wrote:
> This person is pushing for the use of TLS Telnet instead of SSH for the
> following reasons:
> 
> - SSH is not an IETF standard.

And "TLS Telnet" is?

> The documents that make up the SSH2 protocol are still at the
> Internet-Draft stage. I don't know how long they've been at this stage,
> but the comment from security was that it's been at this stage for a while
> and doesn't appear to be moving forward.

If the "comment from security" was truly that the drafts have been at
that stage for a while then the security person doesn't know much about
the internet draft process.  The IETF secsh Working Group is most
definitely active, working with currently active drafts as well as some
that are being updated.

Obtaining input from interested parties on the drafts is a valuable part
of the process.  I'd sincerely invite your security person to jump into
the mix by helping mold the drafts into what he or she believes to be
"secure".  If there's something wrong with the SSH drafts or something
that could be made better it would be a great help if the security
person could lend their knowledge to the process.

Steve


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ