On Fri, 17 Aug 2001, Jose Nazario wrote:

> you would think so. the number of flaws in the code, and the protocol (at
> least SSH1), would suggest that there should be investigated other
> solutions first.

I would certainly recommend SSH2 in general. But it seems a little presumptuous to suggest that the solution to SSH's flaws is to flawlessly write another large chunk of code.

> note i'm not a fan of using a TCP transport mechanism, even with crypto
> behind it, as your VPN. i'm a bigger fan of generic encapsulation
> protocols based on routing (or policy routing) protocols. you have to
> graft too much on to the system (ie points of failure) to shove things
> into TCP/SSH pipes (or TCP/SSL pipes).

I like the reliability of TCP over datagram protocols. As far as the security layer is concerned, I have no problem with using IPSec or something lower. But I consider the potential loss of datagrams over the network to be unacceptable.

-Peff