On Fri, 5 Feb 1999, Greg A. Woods wrote:

> You just never know what's going on behind your back when you can't
> trust an intermediate party.  SSH can only protect your channel *after*
> it has left the host which originates the connection.  You *MUST* trust
> the client host regardless of what authentication or encryption
> protocols you employ, or to put it another way, if you use SSH then you
> *are* trusting the client host, whether you realize it or not.  Given

This is not necessarily correct. The current session can only be protected
if you trust the host you are on, but future sessions can not be
initiated. This _is_ relevant and provides security if outgoing sessions
are limited to prevent a covert channel from being established.

Basically, as long as the effects initiated from a login are limited in
time, not trusting the client adds security.

Peter
--
Peter Svensson      ! Pgp key available by finger, fingerprint:
<[EMAIL PROTECTED]>    ! 8A E9 20 98 C1 FF 43 E3  07 FD B9 0A 80 72 70 AF
<[EMAIL PROTECTED]> !
------------------------------------------------------------------------
Remember, Luke, your source will be with you... always...
