[Cryptography] Why aren’t we using SSH for everything?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Jan 4 00:54:57 EST 2015
Tony Arcieri <bascule at gmail.com> writes:
>In terms of overall design, SSH and TLS both failed. SSH did MAC-and-encrypt.
>TLS did MAC-then-encrypt. Both of them are effectively legacy protocols that
>were designed wrong from the get-go.
TLS finally fixed this after a year-long battle to get the change accepted. I
also suggested it to the SSH folks but they weren't interested, and after the
fight it took to get it into TLS I just didn't have the energy to go through
the same thing for SSH.
Peter.
More information about the cryptography
mailing list