On Sat, Dec 23, 2000 at 02:16:51AM -0800, [EMAIL PROTECTED] wrote:

> > Incorrect..the problems with SSH come down to flaws in the human
> > operators who ignore the warnings SSH gives them, and tell it
> > explicitly to do insecure things like connect to a server which is
> > suddenly not the one you're used to connecting to.
> > 
> Are you stating that one of the issues with SSH is
> a social issue and not a technical?

Yes, that is the single relevant (solvable) issue here. You're just
going to make yourself sound ignorant, and possibly amuse, confuse or
frighten a lot of your audience, if you claim otherwise.

> > These flaws can be all but eliminated by telling SSH to not even give
> > the poor weak confused human the choice of answering yes to the
> > question, by setting a simple configuration option.
> > 
> > JMJr, a good place to start your talk on "The Evils of SSH" might be
> > the Pavlovian conditioning of humans to answer "Yes" to every question
> > a computer gives them..focus on the real problem here.
> > 
> I'm giving your comments some consideration.
> Is there any other evidence that might help this type of
> argument out?  I've considered it, but it is a weak argument
> and it really needs a solid foundation for presentation.

This comment was half tongue-in-cheek, but my assertion that the
current flap over "insecurity" of SSH is not based on shortcomings or
weaknesses of the SSH protocol, or even the UNIX SSH implementations
of that protocol - is I think well justified (and fairly obvious to
most people with crypto clue). For another reference which debunks the
"End of SSH" article in more detail, see the article posted to
slashdot yesterday. Be sure to distinguish between SSH and SSL when
reading the original article or its followups (SSH has nothing to do
with SSL except in a very broad sense).

Kris
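
The message does not name the configuration option; assuming it is OpenSSH's `StrictHostKeyChecking` (with `yes`, ssh refuses a host whose key is unknown or has changed instead of asking), the check below computes the value ssh would actually use for a given host under ssh_config's first-obtained-value-wins rule. This is an added example, not part of the original message; the function names and the sample configuration are constructed.

```python
import fnmatch
import shlex

DEFAULT = "ask"  # OpenSSH's default when the option is never set

# Constructed sample client configuration, not from the original message.
SAMPLE = """\
# relaxed block listed first, so it wins for the build hosts
Host build-*.example.org !build-old.example.org
    StrictHostKeyChecking no
Host *.example.org
    StrictHostKeyChecking=yes
Host *
    UserKnownHostsFile ~/.ssh/known_hosts
"""

def host_matches(patterns, hostname):
    """Host line semantics: any negated (!) pattern that matches vetoes the block."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched

def effective_strict(config_text, hostname):
    """Return the StrictHostKeyChecking value ssh would use for hostname."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line.replace("=", " ", 1))  # "key=value" form
        key, args = words[0].lower(), words[1:]          # keywords ignore case
        if key == "host":
            active = host_matches(args, hostname)
        elif key == "match":
            active = False  # simplification: Match blocks are not evaluated
        elif key == "stricthostkeychecking" and active and args:
            return args[0].lower()  # first obtained value wins
    return DEFAULT

def audit(config_text, hostnames):
    """Map each host where an unknown key is not refused outright to its value."""
    return {h: v for h in hostnames
            if (v := effective_strict(config_text, h)) != "yes"}
```

Placing `StrictHostKeyChecking yes` before the first `Host` line makes it the first value obtained for every host, so later blocks cannot relax it.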
