Re: Encrypted TCP Tunneler

On Mon, 23 Oct 1995, Tatu Ylonen wrote:

> Are you familiar with ssh [http://www.cs.hut.fi/ssh]?  It has many of
> the features that you are planning.

I saw the announcement for ssh a while ago, but didn't get a copy because
it doesn't run under MS Windows.  I just downloaded a copy today and read
some of the documentation.  It apparently has many of the features I
talked about, plus lots more. 

However, I probably won't give up ETT yet, because there are some design 
differences that would make ETT more useful in certain circumstances.  
SSH seems to be designed mainly as a secure telnet program, with TCP port
redirection added on, which suggests (although I'm not sure) that you
need to have a user account on the SSH server to connect to it.  It also
does not seem to do any filtering of TCP redirection requests.  Chaining 
would not work well with SSH because of its packet overhead.

I'll try to get SSH working soon, but so far I am very impressed with it.
I am curious, however, about your choice of key exchange and
authentication schemes.  What are the relative advantages of your protocol
over a more straight-forward DH + signature of exchange values?  DH would
provide forward secrecy directly without the need to change the server key
every hour. 

Wei Dai