[Cryptography] Why aren’t we using SSH for everything?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Jan 4 00:54:57 EST 2015

Tony Arcieri <bascule at gmail.com> writes:

>In terms of overall design, SSH and TLS both failed. SSH did MAC-and-encrypt.
>TLS did MAC-then-encrypt. Both of them are effectively legacy protocols that
>were designed wrong from the get-go.

TLS finally fixed this after a year-long battle to get the change accepted.  I
also suggested it to the SSH folks but they weren't interested, and after the
fight it took to get it into TLS I just didn't have the energy to go through
the same thing for SSH.


More information about the cryptography mailing list