> At around Thu, 12 Aug 1999 08:56:29 +0100 (BST),
> John Riddoch <[EMAIL PROTECTED]> may have mentioned:
>
> > ssh2 is more secure and is probably getting more development work ATM (NB:
> > wild speculation on my part).
>
> which part does the 'wild speculation' refer to? both parts?
>
> the protocol used in ssh2 appears to be rather more complicated than
> the one used in ssh. ssh2 has also received far less testing in the
> real world.
>
> i'm no expert, but those two points don't make me feel that good about
> ssh2 -- at least not at the moment.
>
> it isn't really clear to me which one is more secure -- perhaps someone
> will do a study of this at some point :-)
Perhaps a better way of stating it is that SSH2 is based on an
IETF-worked protocol, appears to have benefitted from lessons learned from
SSH 1, and appears to be improved by these things. The fact that the
implementation appears to have now become more stable (that is, up to about
May it was being replaced pretty often, and since then it's been able to
hold up without frequent bug fixes) makes it look like it's ripe enough for
more people to use it. This will increase the real-world testing that is
the only real proof of a security system. I'm personally lobbying my
organization to consider the switchover now.
--
Bradford K. Hull | All of a sudden, I want to THROW OVER my promising
[EMAIL PROTECTED] | ACTING CAREER, grow a LONG BLACK BEARD and wear
(206)701-2066 | a BASEBALL HAT... Zippy the Pinhead
