RE: [Full-Disclosure] SSH vs. TLS
Date: Tue Jun 29 2004 - 13:29:25 CDT
>So, what do you all think? Is SSH really that bad or are these
>requirements unreasonable? Is it really worth implementing TLS Telnet?
The requirements are perfect if you want to describe TLS and PKI.
>- SSH is not an IETF standard.
Why is this even an issue? It's an open protocol, and has been proven.
Furthermore, the commercial and open source ssh clients/servers have
likely been under more scrutiny than Telnet over TLS software.
>- SSH allows tunneling other protocols, circumventing firewall
SSH tunneling is a problem because the data is encrypted. TLS encrypts
data, and other things can be tunneled over TLS, using the port for Telnet
over TLS. Using TLS doesn't prevent circumvention of firewall policies
>- There must be a mechanism to integrate both client and server keys
> into LDAP.
Well, that's convenient, isn't it?
As for the other requirements, like you, I believe that Kerberos will
address those issues. However, I've never implemented it and can't be