Re: Hogwash

From: Jarkko Santala (jake@iki.fi)
Date: 06/25/02


Date: Tue, 25 Jun 2002 08:48:53 +0300 (EEST)
From: Jarkko Santala <jake@iki.fi>
To: Theo de Raadt <deraadt@cvs.openbsd.org>

On Mon, 24 Jun 2002, Theo de Raadt wrote:

> By holding this information back for a few more days, we are
> permitting a very important protocol to be upgraded in an immune way,
> OR YOU CAN TURN IT OFF NOW.

You have mentioned this "turn it off" solution more than twice. Is this
your official answer to any exploits in OpenSSH? Can I quote you on this?

How do you figure this works for commercial companies that need secsh
connections for business critical needs up and running 24x7?

        -jake

-- 
Jarkko Santala <jake@iki.fi>            http://www.iki.fi/~jake/
System Administrator                    2001:670:83:f08::/64
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message