
Re: Reliable delete notifies



Angelos D. Keromytis writes:
> I would in fact argue for removal of preshared-key authentication; it was
> useful for debugging or for very simple setups, but the protocol complexity
> introduced both directly (because of the need to support 2 or 3 auth methods)
> and indirectly (encourages addition of other authentication mechanisms) are
> simply not worth it.

I would also remove both RSA encryption modes at the same time. I
don't really see points for them. They will offer "a plausibly
deniable exchange", but I don't think that is important enough to
justify the added complexity.

I think we could get rid of the pre-shared keys authentication. If we
do that then we can get rid of both aggressive mode and base mode... 
-- 
kivinen@ssh.fi                               Work : +358 303 9870
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

