"Kevin Oberman" <[EMAIL PROTECTED]> writes:
>> From: "Robert E. Seastrom" <[EMAIL PROTECTED]>
>> Date: Thu, 12 Jun 2008 21:15:49 -0400
>>
>>
>> Randy Bush <[EMAIL PROTECTED]> writes:
>>
>> > and for those of us who are addicted to simple rsync, or whatever over
>> > ssh, you should be aware of the really bad openssh windowing issue.
>>
>> As a user of hpn-ssh for years, I have to wonder if there is any
>> reason (aside from the sheer cussedness for which Theo is infamous)
>> that the window improvements at least from hpn-ssh haven't been
>> backported into mainline openssh? I suppose there might be
>> portability concerns with the multithreaded ciphers, and there's
>> certainly a good argument for not supporting NONE as a cipher type out
>> of the box without a recompile, but there's not much excuse for the
>> fixed size tiny buffers - I mean, it's 2008 already...
>
> Theo is known for his amazing stubbornness, but for area involving
> security and cryptography, I find it hard to say that his conservatism
> is excessive. Crypto is hard and often it is very non-intuitive. I
> remember the long discussions on entropy harvesting and seeding in
> FreeBSD which fortunately has cryptography professionals who could pick
> every nit and make sure FreeBSD did not end up with Debian-type egg all
> over its virtual face.
>
> Than again, the tiny buffers are silly and I can't imagine any possible
> security issue there.
Many good reasons to not goof with the crypto. The window size was
the main thing I was poking at.
---rob
