North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: RSA Patent Expired

  • From: Bora Akyol
  • Date: Thu Oct 05 13:09:38 2000

openssh source may be free but some of the libraries that it requires are
GPLd. This causes problems for including the ssh code on routers etc.

If I am mistaken, please email me privately, I would be glad to learn more
about this.


----- Original Message -----
From: "Joe Shaw" <[email protected]>
To: "Richard A. Steenbergen" <[email protected]>
Cc: "Richard Welty" <[email protected]>; "Bill Fumerola"
<[email protected]>; "Hendrik Visage" <[email protected]>; "Bradly Walters"
<[email protected]>; <[email protected]>
Sent: Thursday, October 05, 2000 8:41 AM
Subject: RE: RSA Patent Expired

> On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:
> > > except that nobody should be using ssh1 for _anything_ if they can
> > > possibly avoid it. even the orginal authors of ssh are strongly
> > > advocating
> > > consigning ssh1 to the trash heap of computer security.
> >
> > I think you're confused, ssh1 is still a very valid protocol. It is well
> > tested and proven, and in many cases better implemented then ssh2
> > of course that may change eventually). Don't confuse the desire to make
> > money with insecurity.
> No, he's not confused.  Supposedly, using any algorithm other than 3DES
> with SSH1 can set you up for some type of stream insertion attack.  I've
> never seen it personally, but supposedly the threat does exist.
> Furthermore, OpenSSH supports ssh2 and is free, in both the free beer and
> the free speech way.  The BSD license is cool like that.
> --
> Joseph W. Shaw - [email protected]
> Computer Security Consultant and Programmer
> Free UNIX advocate and all around nice guy.