M Taylor <[EMAIL PROTECTED]> writes: > On Fri, Sep 26, 2003 at 06:26:16PM -0700, Joseph Ashwood wrote: > > > Both SSL and SSH have had their security > > > problems . . , as perfect as Peter Gutmann would let us believe. > > They may not be perfect but in neither case can Mallet do as much damage as > > easily, even the recent break in OpenSSH did not allow a compromise as big > > as even the smallest of the problems briefly explored in tinc. > > Oh, and they fixed their flaws. SSHv1 is not recommended for use at all, > and most systems use SSHv2 now which is based upon a draft IETF standard. > SSL went through SSLv1, SSLv2, SSLv3, TLSv1.0, and TLSv1.1 is a draft IETF > standard.
Nitpicking alert: "Draft Standard" is the technical term for the second tier of IETF standardization. (Proposed, Draft, Full). The term for something that has not yet been approved and given an RFC # is "Internet Draft". SSHv2 and TLSv1.1 are Internet Drafts. -Ekr -- [Eric Rescorla [EMAIL PROTECTED] http://www.rtfm.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]