[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crisis Overload (re Electronic Racketeering)



One motivation behind SSH is trying to make it a de-facto standard
replacement for rlogin and rsh.  That would make it very hard to
replace.  It provides important benefits in authentication and
protection against intruders - and as a side effect it provides hard
to break encryption for anyone.  Plus, it was created and is primarily
distributed *outside* the United States, in a country where none of
the algorithms are patented.  It can thus be openly available for
anyone, and is not limited by US export restrictions.  It currently
includes two algorithms that I know to be patented: RSA and IDEA.
IDEA can be eliminated from it without breaking compability if it
turns out necessary (and, several sources say that non-commercial use
of IDEA is permitted).  RSA is not patented anywhere but in the US,
and there it may be possible for most people to get away by using
RSAREF.

There is more information at http://www.cs.hut.fi/ssh.  The RFC
describes the protocol.

The current list of distribution sites includes:
   ftp.funet.fi:/pub/unix/security
   ftp.unit.no:/pub/unix/security 
   ftp.net.ohio-state.edu:/pub/security/ssh 
   ftp.kiae.su:/unix/crypto 
   ftp.cs.hut.fi/pub/ssh 

More sites are welcome.

    Tatu Ylonen <[email protected]>