[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Reliable delete notifies
Angelos D. Keromytis writes:
> I would in fact argue for removal of preshared-key authentication; it was
> useful for debugging or for very simple setups, but the protocol complexity
> introduced both directly (because of the need to support 2 or 3 auth methods)
> and indirectly (encourages addition of other authentication mechanisms) are
> simply not worth it.
I would also remove both RSA encryption modes at the same time. I
don't really see points for them. They will offer "a plausably
deniable exchange", but I don't think that is important enough to
justify the added complexity.
I think we could get rid of the pre-shared keys authentication. If we
do that then we can get rid of both aggressive mode and base mode...
--
kivinen@ssh.fi Work : +358 303 9870
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
References: