>>> However if you do insist on trying to run SSH on slow hardware like
>>> a uVAX then SSH-3.2.9.1 or similar is probably your best bet
>> I hadn't thought anything beyond version 2 had a spec yet even in
>> the form of I-Ds.  What am I missing?
> SSH-3.x is just the latest public release of software from ssh.com,
> and it (fully?) implements the SSHv2 protocol.

...ah, a name for an implementation rather than a protocol.

No, I won't run anything from ssh.com.  Since they went commercial I
simply don't trust them enough.

>> The only attacks [against ssh1] I know of against ssh1 are either
>> implementation attacks against late implementations of it or
>> social-engineering attacks such as the MitM attack on first
>> connections.  Or, of course, attacks directly on the crypto itself,
>> such as attempts to factor RSA moduli.  What am I missing?
> That's not enough?  ;-)

No.  I run an old implementation, old enough that as far as I know none
of the implementation attacks like buffer overflows apply.  Social
engineering attacks - well, I think I know enough about them, and am
paranoid enough in general, that they won't work against me.  (I
certainly pay attention to changed-host-key warnings, and *never* use
ssh's password authentication.)  As for crypto attacks...what do you
know that I don't but should? :-)

> I'm not sure if you include this one in your list:
> [...]
> 	http://staff.washington.edu/dittrich/misc/ssh-analysis.txt

That falls into the "implementation attacks against late
implementations" category.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B