Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] SSH vs. TLS

from [Steve] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] SSH vs. TLS
Date: Tue, 29 Jun 2004 18:38:46 -0500 
On Tue, Jun 29, 2004 at 09:20:11AM -0600, dante@forethought.net wrote:

This person is pushing for the use of TLS Telnet instead of SSH for the
following reasons:

- SSH is not an IETF standard.


And "TLS Telnet" is?


The documents that make up the SSH2 protocol are still at the
Internet-Draft stage. I don't know how long they've been at this stage,
but the comment from security was that it's been at this stage for a while
and doesn't appear to be moving forward.


If the "comment from security" was truly that the drafts have been at
that stage for a while then the security person doesn't know much about
the internet draft process.  The IETF secsh Working Group is most
definitely active, working with currently active drafts as well as some
that are being updated.

Obtaining input from interested parties on the drafts is a valuable part
of the process.  I'd sincerely invite your security person to jump into
the mix by helping mold the drafts into what he or she believes to be
"secure".  If there's something wrong with the SSH drafts or something
that could be made better it would be a great help if the security
person could lend their knowledge to the process.

Steve
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] MDKSA-2004:065 - Updated apache packages fix buffer overflow vulnerability in mod_proxy, Mandrake Linux Security Team
Next by Date:  Re: [Full-Disclosure] PIX vs CheckPoint, Gary E. Miller
Previous by Thread:  Re: [Full-Disclosure] SSH vs. TLS, Valdis . Kletnieks
Next by Thread:  RE: [Full-Disclosure] SSH vs. TLS, Ng, Kenneth (US)
Indexes:  [Date] [Thread] [Top] [All Lists]