Full Disclosure mailing list archives
Re: SSH vs. TLS
From: Steve <fulld-nospam () braingia org>
Date: Tue, 29 Jun 2004 18:38:46 -0500
On Tue, Jun 29, 2004 at 09:20:11AM -0600, dante () forethought net wrote:
This person is pushing for the use of TLS Telnet instead of SSH for the following reasons: - SSH is not an IETF standard.
And "TLS Telnet" is?
The documents that make up the SSH2 protocol are still at the Internet-Draft stage. I don't know how long they've been at this stage, but the comment from security was that it's been at this stage for a while and doesn't appear to be moving forward.
If the "comment from security" was truly that the drafts have been at that stage for a while then the security person doesn't know much about the internet draft process. The IETF secsh Working Group is most definitely active, working with currently active drafts as well as some that are being updated. Obtaining input from interested parties on the drafts is a valuable part of the process. I'd sincerely invite your security person to jump into the mix by helping mold the drafts into what he or she believes to be "secure". If there's something wrong with the SSH drafts or something that could be made better it would be a great help if the security person could lend their knowledge to the process. Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SSH vs. TLS dante (Jun 29)
- Re: SSH vs. TLS Valdis . Kletnieks (Jun 29)
- Re: SSH vs. TLS Steve (Jun 29)
- <Possible follow-ups>
- RE: SSH vs. TLS Ng, Kenneth (US) (Jun 29)
- Re: SSH vs. TLS Gerhard den Hollander (Jun 29)
- RE: SSH vs. TLS full-disclosure (Jun 29)
- RE: SSH vs. TLS List Bot (Jun 30)