Subject: Re: Policy questions
To: None <tech-userlevel@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 01/03/2004 18:47:37
["Greg A. Woods" <email@example.com>, responding to me]
>> Assuming the network is one for which rsh would be suitable, I can't
>> see any [ssh protocol issues with using cipher "none"]. I'd like a
>> reference to anything anyone has to the contrary.
> If the network is suitable for rsh then just use rsh!
Except that rsh doesn't support some useful things ssh does, such as X
forwarding and port forwarding, that are reasonably likely to be useful
even if the network in question is (believed to be) secure enough for
> I.e. you cannot ever safely use "cypher=none" in the way it's
> currently implemented in SSH.
You can in any circumstance where network-level attackers are not part
of the threat model. (An example might be a building-scale LAN at a
physically secure facility, not networked outside the building by
anything more sophisticated than sneakernet.) This is not an
exhaustive list; I'm merely pointing out that your statement is
stronger than I believe is justified.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML firstname.lastname@example.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B