nanog mailing list archives

Re: RSA Patent Expired


From: "Bora Akyol" <akyol () akyol org>
Date: Thu, 5 Oct 2000 10:06:13 -0700


openssh source may be free but some of the libraries that it requires are
GPLd. This causes problems for including the ssh code on routers etc.

If I am mistaken, please email me privately, I would be glad to learn more
about this.

Bora

----- Original Message -----
From: "Joe Shaw" <jshaw () insync net>
To: "Richard A. Steenbergen" <ras () e-gerbil net>
Cc: "Richard Welty" <rwelty () vpnet com>; "Bill Fumerola"
<billf () chimesnet com>; "Hendrik Visage" <hvisage () is co za>; "Bradly Walters"
<bwalters () inet-direct com>; <nanog () merit edu>
Sent: Thursday, October 05, 2000 8:41 AM
Subject: RE: RSA Patent Expired




On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:

except that nobody should be using ssh1 for _anything_ if they can
possibly avoid it. even the original authors of ssh are strongly
advocating consigning ssh1 to the trash heap of computer security.

I think you're confused, ssh1 is still a very valid protocol. It is well
tested and proven, and in many cases better implemented than ssh2
(though of course that may change eventually). Don't confuse the desire
to make money with insecurity.

No, he's not confused.  Supposedly, using any algorithm other than 3DES
with SSH1 can set you up for some type of stream insertion attack.  I've
never seen it personally, but supposedly the threat does exist.

Furthermore, OpenSSH supports ssh2 and is free, in both the free beer and
the free speech way.  The BSD license is cool like that.

--
Joseph W. Shaw - jshaw () insync net
Computer Security Consultant and Programmer
Free UNIX advocate and all around nice guy.





