On Wed, Jun 04, 2003 at 01:11:51AM +1200, Peter Gutmann wrote:
| "Lucky Green" <[EMAIL PROTECTED]> writes:
| >I trust that we can agree that the volume of traffic and number of
| >transactions protected by SSL are orders of magnitude higher than those
| >protected by SSH. As is the number of users of SSL. The overwhelming majority
| >of which wouldn't know ssh from telnet. Nor would they know what to do at a
| >shell prompt and therefore have no use for either ssh or telnet.
| Naah, that third sentence is wrong.  It's:
|   The overwhelming majority of [SSL users] wouldn't know SSL from HTTP with a
|   padlock GIF in the corner.
| >Given that SSL use is orders of magnitude higher than that of SSH, with no
| >change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by
| >your assertion that ssh, not SSL, is the "only really successful net crypto
| >system".
| I think the assertion was that SSH is used in places where it matters, while
| SSL is used where no-one really cares (or even knows) about it.  Joe Sixpack
| will trust any site with a padlock GIF on the page.  Most techies won't access
| a Unix box without SSH.  Quantity != quality.
| If you could wave a magic wand and make one of the two protocols vanish, I'd
| notice the loss of SSH immediately (I couldn't send this message for
| starters), but it would take days or weeks before I noticed the loss of SSL.

One of the papers at the security and econ workshop last week asserted
that the reason ssh took off was actually because it makes life easier
if you need to munge X displays.


"It is seldom that liberty of any kind is lost all at once."

Reply via email to