Subject: Re: Policy questions
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-userlevel
Date: 01/03/2004 18:47:37
["Greg A. Woods" <>, responding to me]
>> Assuming the network is one for which rsh would be suitable, I can't
>> see any [ssh protocol issues with using cipher "none"].  I'd like a
>> reference to anything anyone has to the contrary.
> If the network is suitable for rsh then just use rsh!

Except that rsh doesn't support some useful things ssh does, such as X
forwarding and port forwarding, that are reasonably likely to be useful
even if the network in question is (believed to be) secure enough for

> I.e. you cannot ever safely use "cypher=none" in the way it's
> currently implemented in SSH.

You can in any circumstance where network-level attackers are not part
of the threat model.  (An example might be a building-scale LAN at a
physically secure facility, not networked outside the building by
anything more sophisticated than sneakernet.)  This is not an
exhaustive list; I'm merely pointing out that your statement is
stronger than I believe is justified.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B