From mboxrd@z Thu Jan 1 00:00:00 1970
From: Markus Friedl
To: rob pike
Cc: 9fans@cse.psu.edu
Subject: Re: [9fans] Re: The problem with SSH2
Message-ID: <20010101161802.B31245@folly>
References: <20010101143731.DB61F199E7@mail.cse.psu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010101143731.DB61F199E7@mail.cse.psu.edu>; from rob@plan9.bell-labs.com on Mon, Jan 01, 2001 at 09:37:12AM -0500
Date: Mon, 1 Jan 2001 16:18:02 +0100
Topicbox-Message-UUID: 3f41e914-eac9-11e9-9e20-41e7f4b1d025

On Mon, Jan 01, 2001 at 09:37:12AM -0500, rob pike wrote:
> The complexity is silly, but much worse is that there isn't at least
> one guaranteed protocol for authentication and encryption that both
> ends always have and can use as a fallback. I would argue that that
> would always be sufficient, but I know I'm in the minority there. I do
> argue that it's demonstrably necessary.

While I agree that the SSH protocol is very complex, I think this
problem is more a policy issue than a protocol issue.

E.g. the SSH2 protocol drafts require certain basic algorithms for
authentication and encryption. This could be used as a fallback -- but
only if the server admin policy agrees to enable the methods.

But of course, if the protocol allows too many options it's probably
too hard for the server admin to decide which option is a good or a
bad thing.