[Cryptography] Why aren’t we using SSH for everything?

[Peter Gutmann]

Tony Arcieri <bascule at gmail.com> writes:

>In terms of overall design, SSH and TLS both failed. SSH did MAC-and-encrypt.
>TLS did MAC-then-encrypt. Both of them are effectively legacy protocols that
>were designed wrong from the get-go.

TLS finally fixed this after a year-long battle to get the change accepted.  I
also suggested it to the SSH folks but they weren't interested, and after the
fight it took to get it into TLS I just didn't have the energy to go through
the same thing for SSH.

Peter.