Subject: Re: ssh
To: None <tech-security@netbsd.org>
From: RJ Atkinson <rja@inet.org>
List: tech-security
Date: 12/17/2000 12:11:39
At 03:08 17/12/00, opentrax@email.com wrote:

>I've been told that strong, user-level encryption 
>is available to telnet. 

        It is not clear to me that the above is generally true,
even if I knew what the author above meant by "strong" or 
"user-level" in this context.

        There were several different research projects on that, 
but none was ever widely available.   It is not clear to me 
whether any of the Telnet security enhancements provided security. 

        Further, there is ongoing work in IETF on adding standard
Telnet security extensions, which means any Telnet security 
option that might be deployed today
    (1) is not any sort of standard 
and (2) might not be compatible with whatever IETF standard 
        for Telnet security that emerges in future.

        By contrast, SSHv1 is quite widely deployed (if not standard).
SSHv2 is being standardised by IETF and is increasingly deployed.
Further, there are at least 2 interoperable SSHv2 implementations
today, one of which is freely distributable in source form.

        Note well that I'm decidedly NOT interested in any sort
of debate on the merits of either SSH or Telnet security, so 
I'll decline to respond to any notes that sound argumentative 
to my ears.

Ran
rja@inet.org