> I conclude that the 'none' cipher allows MITM attacks under ssh v1 as
> well as connection hijacking, and they are reason to be concerned

Yes.  You should not use cipher none where active attackers are in the
threat model, nor where passive attackers (sniffers) are if you care
about the confidentiality of the data transferred.

However, the same threat model elements make rsh inappropriate, and
most of this discussion is now about environments where rsh is
appropriate.

> As I understand it, it is not in openssh for both that reason, as
> well as the belief of the openssh maintainers that it is not
> necessary, and that using arcfour ought to get sufficient speed for
> most applications

"ought to".  "most".  Handwaving.  They're playing parent to their
users.  "We think this is too dangerous to let you play with it, and we
don't care about the cases where even arcfour is unacceptably
nonperformant" is how I read it.

There is doubtless a place for that.  But I still consider it
unacceptable condescension, especially for something like NetBSD which
is intended as a development system.  (It _is_ still intended to be a
suitable system for development, is it not?)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B