M Taylor <[EMAIL PROTECTED]> writes:
> On Fri, Sep 26, 2003 at 06:26:16PM -0700, Joseph Ashwood wrote:
> > > Both SSL and SSH have had their security
> > > problems . . , as perfect as Peter Gutmann would let us believe.
> > They may not be perfect but in neither case can Mallet do as much damage as
> > easily, even the recent break in OpenSSH did not allow a compromise as big
> > as even the smallest of the problems briefly explored in tinc.
> Oh, and they fixed their flaws. SSHv1 is not recommended for use at all,
> and most systems use SSHv2 now which is based upon a draft IETF standard. 
> SSL went through SSLv1, SSLv2, SSLv3, TLSv1.0, and TLSv1.1 is a draft IETF
> standard.

Nitpicking alert:
"Draft Standard" is the technical term for the second tier of
IETF standardization. (Proposed, Draft, Full). The term for
something that has not yet been approved and given an RFC #
is "Internet Draft". SSHv2 and TLSv1.1 are Internet Drafts.

[Eric Rescorla                                   [EMAIL PROTECTED]

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to