Michael wrote:
[quoting someone else]
> > Well, the protocol is completely open, and better. I'd think the
> > existing free ssh clients other than F-Secure's one will catch up.
>
> I don't think so. The author of one of the best, TTSSH, has already
> said he considers the effort too great to support 2.xx
That's mostly due to my personal circumstances (living in NSA-controlled
territory, working on thesis, etc). It's also due to architectural problems
in Teraterm/TTSSH, which would make it very difficult for TTSSH to support
SSHv2 well. Honestly, I'd rather not even attempt v2 support than burn a
lot of time producing a poor implementation that no-one likes.
I'm not terribly enamoured of the v2 protocol --- it screams "Second System
Syndrome" to me, and looks overcomplicated, overgeneral, and generally hard
to implement. But it does fix problems in v1.5, and it's not clear that
there's any better alternative. So if I had the time, I'd probably go with
it.
<grumble>Why do we need THREE (or more) families of secure transports ---
SSHv2 Transport, SSL/TLS, and IPsec?</grumble>
> The liscensing for 2.0 clearly needs to change if it is to be
> supported in the long term by the "open" community
It would be nice if the "SSH Communications Security" implementation was
more open, especially because their "half-open" approach sucks debugging
resources away from truly open alternatives, but the onus is on "us" to fix
the problem, not them.
<grumble>It is very unfortunate that SSH names both a standard, a company,
and that company's implementation of the standard.</grumble>
Other than that stuff, since it is (will be) an IETF standard, the v2
protocol is de facto more open than the "defined by our implementation"
v1.5 protocol. Especially because it doesn't require encumbered
intellectual property. Yay!
Rob
--
[Robert O'Callahan, http://www.cs.cmu.edu/~roc, 5th year CMU CS PhD student
Upgrade your export version Communicator 4.5 to full-strength crypto:]
#!/usr/bin/perl5 -0777pi # Run on your "netscape" binary
s/KEY-BITS:.*?\0/$_=$&;y,a-z, ,;s, 512,2048,;s, {4}$,true,gm;$_/es;
s!\*:Q\xbf/q.{46}(.).{33}!substr($t=$&,54,ord$1)=~y,,\1,c;$t!egs
