Tinc's response to "Linux's answer to MS-PPTP"
Eric Rescorla
ekr at rtfm.com
Sat Sep 27 18:42:02 EDT 2003
M Taylor <mctylr at privacy.nb.ca> writes:
> On Fri, Sep 26, 2003 at 06:26:16PM -0700, Joseph Ashwood wrote:
> > > Both SSL and SSH have had their security
> > > problems . . , as perfect as Peter Gutmann would let us believe.
> > They may not be perfect but in neither case can Mallet do as much damage as
> > easily, even the recent break in OpenSSH did not allow a compromise as big
> > as even the smallest of the problems briefly explored in tinc.
>
> Oh, and they fixed their flaws. SSHv1 is not recommended for use at all,
> and most systems use SSHv2 now which is based upon a draft IETF standard.
> SSL went through SSLv1, SSLv2, SSLv3, TLSv1.0, and TLSv1.1 is a draft IETF
> standard.
Nitpicking alert:
"Draft Standard" is the technical term for the second tier of
IETF standardization. (Proposed, Draft, Full). The term for
something that has not yet been approved and given an RFC #
is "Internet Draft". SSHv2 and TLSv1.1 are Internet Drafts.
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list