[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The Talk: ssh - are you nuts!?!

To: will@wythenet.com
Subject: Re: The Talk: ssh - are you nuts!?!
From: opentrax@email.com
Date: Thu, 4 Jan 2001 16:28:28 -0800 (PST)
Cc: tech@openbsd.org


On  4 Jan, Will Barton wrote:
> I love how this guy assumes that everyone in the world lives within a days 
> driving distance of silicon valley.
> 
> I know, I know, I hate contributing to the further delinquency of a 
> troll.  Yes developers should hear objective views of their code, yes 
> constructive criticism is a wonderful thing, but this just isn't 
> it.  Although I think it would be entertaining to see one man take on the 
> entire information security research community single-handed, it is hardly 
> advantageous for OpenBSD/OpenSSH, because its obvious the guy doesn't want 
> to tell anyone anything that doesn't attend his "talk".  Yes, it may very 
> well benefit OpenSSH greatly if the guy had solid arguments against current 
> SSH implementations, but only if he would actually voice them to the 
> developers.
> 
Your assumptions are incorrect.
I've made it clear more than once that my notes from this
talk will be availabe after the talk. This is normal for every
talk I've been to of this type.... FOR over 20 years!!

I've also said I would provide an online video in the future.
Something others, because technical problems, havn't been able to do.
I've also stated that anyone disagreeing with me is welcome to
come to SVBUG and present their points.

What is your point?

> I find it a sad state of affairs when user groups have go to this level to 
> get attention.
> 
Yes, I agree with you on this.


> At 07:36 AM 1/4/01 -0800, you wrote:
>>I beg to differ. My points should be clear enough, base on
>>my posting. Should persons fell that my comments are unjustified
>>they are welcome to come to a meeting of SVBUG and rebuf my
>>statements.
>>
>>                                 Jessem.
>>
>>
>>
>>On  4 Jan, Lipscomb, Al wrote:
>> > I think the problem here (based on the original postings and offline email)
>> > is that the speaker is attempting to give a talk when they do not even
>> > understand the technology. Check the archives for more info.
>> >
>> >> -----Original Message-----
>> >> From: Jeff Wyman [mailto:wysoft@wysoft.tzo.com]
>> >> Sent: Thursday, January 04, 2001 9:40 AM
>> >> To: Internet Chat
>> >> Cc: opentrax@email.com; tech@openbsd.org
>> >> Subject: Re: The Talk: ssh - are you nuts!?!
>> >>
>> >>
>> >> I think developers like to hear all points of view on their
>> >> products, both
>> >> good and bad. How else would they know what and how to improve their
>> >> product?
>> >>
>> >> On Thu, 4 Jan 2001, Internet Chat wrote:
>> >>
>> >> > Sending this to the guys who made OpenSSH, is really bad taste.
>> >> >
>> >> > It's like me sending a mesages saying ur "talk" is useless,
>> >> evil and ....
>> >> >
>> >> > i don't think the developers like it.
>> >> >
>> >> > On Thu, 4 Jan 2001 opentrax@email.com wrote:
>> >> >
>> >> > >
>> >> > >                  SSH - are you nuts!?!
>> >> > >                  by Jesus Monroy, Jr.
>> >> > >
>> >> > > I'm too tired to get this out, but i promised it would
>> >> > > be available, so here it is.
>> >> > >
>> >> > > The Offical Part
>> >> > > ----------------
>> >> > > On Jan. 4, 2001, a talk entitled "ssh - are you nuts!?!"
>> >> > > will be given at the SVBUG (Silicon Valley BSD User Group)
>> >> > > monthly meeting by Club President Jesse Monroy, Jr.
>> >> > > Details available at:
>> >> > >
>> >> > >  http://www.svbug.com/events/
>> >> > >
>> >> > >
>> >> > > My part
>> >> > > -------
>> >> > > Today at 7:45pm (local time) this talk will start.
>> >> > > People say I'm nuts, sometimes I think they are
>> >> > > right. Currently, I've heard hundreds of points
>> >> > > of views, read dozens of papers, and comtemplated
>> >> > > solutions with vicious circles. Two days before
>> >> > > Christmas I related this to my brother-in-law,
>> >> > > a Havard/Yale/Cambridge MBA. His response was,
>> >> > > "Builds character."; hmm.. Thanks.
>> >> > >
>> >> > > Other club presidents ask me, "Are you serious
>> >> > > about this?" My business partner expressed, just
>> >> > > after Christmas, "Is this worth it?"  I'll admit,
>> >> > > at times, this whole thing has been a bit crazy.
>> >> > >
>> >> > > So as I've said today at 7:45pm local time, here
>> >> > > in Silicon Valley, I will be speaking.
>> >> > > The title is "SSH - are you nuts!?!"
>> >> > >
>> >> > > What do I mean by this? Well to get exactly what
>> >> > > I mean you may:
>> >> > >
>> >> > > 1) Come to the talk. Details are available at:
>> >> > >  http://www.svbug.com/events/
>> >> > > 2) See my notes after the talk - posted to:
>> >> > >  http://www.svbug.com/past/
>> >> > > 3) Or see the event with on-line video
>> >> > >    when it's available later this year.
>> >> > >
>> >> > > For those you you interested, below are selected points
>> >> from my talk.
>> >> > >
>> >> -------------------------------------------------------------------
>> >> > > -What I won't  be saying
>> >> > >  -SSH is evil.
>> >> > >  -SSH is useless.
>> >> > >  -SSH is a bad idea.
>> >> > >  -Authentication/Encryption is a hoax or does not work.
>> >> > >  -Public Key Encryption does not work. (I have no proof.)
>> >> > >  -I can break Public Key Encryption. (At least, not now.)
>> >> > >  -I USE SSH. (1 or 2)
>> >> > >  -I never intend to use SSH.
>> >> > >  -My systems have never been compromised.
>> >> > > -My frame of reference
>> >> > > -What I will be saying
>> >> > >  -Voice my personal complaints
>> >> > >  -Expose encryption/security myths
>> >> > >  -Investigate the technical specs/issues
>> >> > >  -Investigage Technical, Social, Economic, Financial Problems
>> >> > >  -Investigate attackers and attacks
>> >> > >  -Tell you where to get SSH
>> >> > >  -Showing alternatives
>> >> > > -Why I'm doing this
>> >> > > -My Personal Complaints
>> >> > > -What people have to say
>> >> > > -SSHv1 vs. SSHv2
>> >> > > -SSHv2 Features
>> >> > > -The SSH Specs (the problems within)
>> >> > > -Authentication/Encryption - Two methods to argue
>> >> > >  -can never be broken
>> >> > >  -can always be broken
>> >> > > -SSH(v2) Faults
>> >> > >  -New Technical problems it creates
>> >> > >  -Technical Problems outside of SSH control
>> >> > >  -There are common misconceptions about it's functionality
>> >> > >  -Social Problems
>> >> > >         -Economic Problems
>> >> > >  -Financial Problems
>> >> > >  -Still Subject to ...
>> >> > > -Who wants your data
>> >> > > -What is the Man-In-The-Middle
>> >> > > -Your Governments Involvement
>> >> > > -What SSH programs there are
>> >> > > -What alternatives you have
>> >> > >  -Start with a Strategem
>> >> > >  -Technical Prevention
>> >> > >  -Technical Counter Measures
>> >> > > -Last words
>> >> > >
>> >> > >
>> >> > >
>> >> > >
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >
>> >
>> >
>> >
> 
> --
> Will Barton
> Senior Systems & Network Administrator
> WytheNet, Inc
> 
> 
>
Prev by Date: No Subject
Next by Date: Re: The Talk: ssh - are you nuts!?!
Prev by thread: Re: The Talk: ssh - are you nuts!?!
Next by thread: Firewall rule set
Index(es):
- Date
- Thread