Subject: Re: ssh - are you nuts?!?
To: None <tech-security@netbsd.org>
From: Cheryl Trooskin <sev@byz.org>
List: tech-security
Date: 12/17/2000 02:29:44
Erik E. Fair (fair@clock.org) wrote:
> SSH provides for strong, user level encryption, by default. Telnet 
> does not. Q.E.D.

That's why I use it.

On the other hand, as I'm moving towards mandating it on a server I run,
the false sense of security that ssh creates in some people scares the
heck out of me.  Us using ssh doesn't mean that any other of our
security measures are going away (to some people's disappointment (!)).

ssh addresses a very specific issue.  The fact that it doesn't address
the same issues that, say, a one-time passwords solution does isn't
a flaw, but the attitude I've run into that "ssh answers the password
security question" is one I find very annoying.

Sorry, the people who caused this rant aren't even on this list.
I suppose I should be saying this to them, instead. :)

sev

-- 
 sev@byz.org can also be found at http://www.byz.org/~sev 
 "Open your big eyes & take in the sunrise" (Toad the Wet Sprocket)