On 25 Dec, Kris Kennaway wrote:
> On Sat, Dec 23, 2000 at 02:16:51AM -0800, [EMAIL PROTECTED] wrote:
>
>> > Incorrect..the problems with SSH come down to flaws in the human
>> > operator who ignore the warnings SSH gives them, and tell it
>> > explicitly to do insecure things like connect to a server which is
>> > suddenly not the one you're used to connecting to.
>> >
>> Are you stating that one of the issues with SSH is
>> a social issue and not a technical?
>
> Yes, that is the single relevant (solvable) issue here. You're just
> going to make yourself sound ignorant, and possibly amuse, confuse or
> frighten a lot of your audience, if you claim otherwise.
>
Thanks for your comments, Kris. I'm not claiming I'm
going to do anything at this point. However,
I see you feel strongly about this as a "Social Issue".
Can you comment more on this? I'd like to get your opinion and
more facts as to your position.

>> > These flaws can be all but eliminated by telling SSH to not even give
>> > the poor weak confused human the choice of answering yes to the
>> > question, by setting of a simple configuration option.
>> >
>> > JMJr, a good place to start your talk on "The Evils of SSH" might be
>> > the Pavlovian conditioning of humans to answer "Yes" to every question
>> > a computer gives them..focus on the real problem here.
>> >
>> I'm giving your comments some consideration.
>> Is there any other evidence that might help this type of
>> argument out? I've considered it, but it is a weak argument
>> and it really needs a solid foundation for presentation.
>
> This comment was half tongue-in-cheek, but my assertion that the
> current flap over "insecurity" of SSH is not based on shortcomings or
> weaknesses of the SSH protocol, or even the UNIX SSH implementations
> of that protocol - is I think well justified (and fairly obvious to
> most people with crypto clue). For another reference which debunks the
> "End of SSH" article in more detail, see the article posted to
> slashdot yesterday. Be sure to distinguish between SSH and SSL when
> reading the original article or its followups (SSH has nothing to do
> with SSL except in a very broad sense).
>
Wow!! Thanks, I'll make note of your suggestion and follow up at
my earliest time slot.
Also, earlier in this message I said - send me positive "proof".
This last section is extremely helpful. Can I quote you in the
last paragraph you sent me? It would look like this:
"
> [...] my assertion that the
> current flap over "insecurity" of SSH is not based on shortcomings or
> weaknesses of the SSH protocol, or even the UNIX SSH implementations
> of that protocol - [The insecurity of it] is I think well justified
> (and fairly obvious to most people with crypto clue). [The
> "insecurity" is the conditioning of humans to answer
> "Yes" to every question a computer gives them.]
>
"
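
The thread refers to "a simple configuration option" that removes the yes/no prompt but does not name it. The sketch below is an added example, not part of the original message, and assumes the option meant is OpenSSH's `StrictHostKeyChecking`: it reports which hosts in an `ssh_config` would still get a value other than `yes`. The sample config, host names and function names are constructed for illustration.

```python
import fnmatch

DEFAULT = "ask"  # OpenSSH behaviour when the option is never set

def _host_matches(patterns, host):
    """Host line semantics: a negated (!) match vetoes, else any match wins."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_strict_checking(config_text, host):
    """Value ssh would use for `host`; the first value obtained wins."""
    active = True  # options before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = _host_matches(value.split(), host)
        elif key == "match":
            active = False  # Match blocks are not evaluated in this sketch
        elif key == "stricthostkeychecking" and active:
            return value.lower()
    return DEFAULT

def audit(config_text, hosts):
    """Hosts where a person (ask) or nobody (no) decides whether to trust a key."""
    results = [(h, effective_strict_checking(config_text, h)) for h in hosts]
    return [(h, v) for h, v in results if v != "yes"]

# Constructed sample configuration, not taken from the thread.
SAMPLE = """
Host *.lab.example
    StrictHostKeyChecking no
Host build.example
    StrictHostKeyChecking=ask
Host *
    StrictHostKeyChecking yes
"""

if __name__ == "__main__":
    for host, value in audit(SAMPLE, ["db1.lab.example", "build.example", "prod.example"]):
        print(f"{host}: StrictHostKeyChecking {value}")
```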