Just to add the figures that support my assertion, in an e-mail from Wes
Hardaker, who surveyed the network operators, to isms

"Of the various authentication systems in use at that time by the people that
responded:

  66%  local accounts
  49%  SSH-keys
  40%  Radius
  29%  TACACS+
  14%  X.509 Certificates
  10%  Kerberos

  [numbers don't add to 100 because more than one option could be selected]"

which I have paraphrased as
SSH a significant number
TLS so small as to be invisible

Of course, as I hope is clear, I am talking in the context of network
operations, not of Web access (where I accept that SSL dominates).

Tom Petch

----- Original Message -----
From: "Rodney Thayer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 25, 2005 11:46 PM
Subject: Re: Why not TLS was Re: [Syslog] Secure substrate - need your input


> Tom Petch wrote:
> > In the context of isms, ie SNMP, the choice was SSH v TLS + SASL; TLS provides
> > the security but not the authentication while SSH does both.  And SSH is a
> > well-established protocol.
> >
> > I agree that TLS/SSL is the most widely used but that is because more people
> > access websites (securely) than access network devices.  If you limit yourself
> > to network operations of network devices, then it appears to be
> > SSH a significant number
> > TLS so small as to be invisible
>
> A couple of comments -
>
> I disagree that TLS is rare.  TLS is common, in my experience, because
> many devices have web-based management interfaces and those are secured with
> TLS.
>
> Also, if your logic were correct, then all those SASL folks who hassled us
> TLS people into going with STARTTLS/SASL/etc must have been wrong - this
> is one of those "the IETF can't declare both 1 and 0 to be truth, depending
> on which RFC you read" problems.
>
> OTOH you are using SOME standard protocol so I'm fine with SSH...
>
> _______________________________________________
> Syslog mailing list
> Syslog@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/syslog

