Re: [Full-Disclosure] SSH vs. TLS

From: Steve (fulld-nospam_at_braingia.org)
Date: 06/30/04

    To: dante@forethought.net
    Date: Tue, 29 Jun 2004 18:38:46 -0500
    
    

    On Tue, Jun 29, 2004 at 09:20:11AM -0600, dante@forethought.net wrote:
    > This person is pushing for the use of TLS Telnet instead of SSH for the
    > following reasons:
    >
    > - SSH is not an IETF standard.

    And "TLS Telnet" is?

    > The documents that make up the SSH2 protocol are still at the
    > Internet-Draft stage. I don't know how long they've been at this stage,
    > but the comment from security was that it's been at this stage for a while
    > and doesn't appear to be moving forward.

    If the "comment from security" was truly that the drafts have been at
    that stage for a while then the security person doesn't know much about
    the internet draft process. The IETF secsh Working Group is most
    definitely active, working with currently active drafts as well as some
    that are being updated.

    Obtaining input from interested parties on the drafts is a valuable part
    of the process. I'd sincerely invite your security person to jump into
    the mix by helping mold the drafts into what he or she believes to be
    "secure". If there's something wrong with the SSH drafts or something
    that could be made better it would be a great help if the security
    person could lend their knowledge to the process.

    Steve

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

