1995-10-23 - Re: Encrypted TCP Tunneler

Header Data

From: Wei Dai <weidai@eskimo.com>
To: Tatu Ylonen <ylo@cs.hut.fi>
Message Hash: fa3397ff4d28cf2c4df4436b4872c7158715cacb39639518df865e681f4e4339
Message ID: <Pine.SUN.3.91.951023022123.9641C-100000@eskimo.com>
Reply To: <199510230100.DAA00697@soikko.cs.hut.fi>
UTC Datetime: 1995-10-23 09:53:19 UTC
Raw Date: Mon, 23 Oct 95 02:53:19 PDT

Raw message

From: Wei Dai <weidai@eskimo.com>
Date: Mon, 23 Oct 95 02:53:19 PDT
To: Tatu Ylonen <ylo@cs.hut.fi>
Subject: Re: Encrypted TCP Tunneler
In-Reply-To: <199510230100.DAA00697@soikko.cs.hut.fi>
Message-ID: <Pine.SUN.3.91.951023022123.9641C-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Oct 1995, Tatu Ylonen wrote:

> Are you familiar with ssh [http://www.cs.hut.fi/ssh]?  It has many of
> the features that you are planning.

I saw the announcement for ssh a while ago, but didn't get a copy because
it doesn't run under MS Windows.  I just downloaded a copy today and read
some of the documentation.  It apparently has many of the features I
talked about, plus lots more. 

However, I probably won't give up ETT yet, because there are some design 
differences that would make ETT more useful in certain circumstances.  
SSH seems to be designed mainly as a secure telnet program, with TCP port 
redirection added on, which suggests (although I'm not sure) that you 
need to have a user account on the SSH server to connect to it.  It also 
does not seem to do any filtering of TCP redirection requests.  Chaining 
would not work well with SSH because of its packet overhead.

I'll try to get SSH working soon, but so far I am very impressed with it.
I am curious, however, about your choice of key exchange and
authentication schemes.  What are the relative advantages of your protocol
over a more straight-forward DH + signature of exchange values?  DH would
provide forward secrecy directly without the need to change the server key
every hour. 

Wei Dai
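
An added illustration of the "DH + signature of exchange values" scheme the message above asks about; it is not code from the original message, from ETT, or from ssh. The group (p = 2**521 - 1, g = 3), the textbook Schnorr signature and all function names are assumptions chosen so the sketch runs on the Python standard library alone; they are not secure parameters.

```python
# Added example: ephemeral DH authenticated by a long-term signing key.
# Toy parameters (assumed for illustration), standard library only.
import hashlib
import secrets

P = 2**521 - 1      # Mersenne prime used as a toy modulus (constructed choice)
G = 3
ORDER = P - 1       # exponents are reduced mod p-1 (Fermat's little theorem)

def _h(*parts):
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    x = secrets.randbelow(ORDER - 2) + 1
    return x, pow(G, x, P)

def sign(x, msg):                       # textbook Schnorr signature
    k = secrets.randbelow(ORDER - 2) + 1
    r = pow(G, k, P)
    return r, (k + x * _h(r, msg)) % ORDER

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(y, _h(r, msg), P)) % P

def server_reply(host_priv, client_pub):
    b, server_pub = keygen()            # fresh DH secret for every session
    # The long-term key only signs the two exchange values; it is never
    # an input to the session key, so disclosing it later does not help
    # decrypt a recorded session.
    sig = sign(host_priv, (client_pub, server_pub))
    key = hashlib.sha256(str(pow(client_pub, b, P)).encode()).digest()
    return server_pub, sig, key         # b is discarded when this returns

def client_finish(host_pub, a, client_pub, server_pub, sig):
    if not verify(host_pub, (client_pub, server_pub), sig):
        raise ValueError("signature over exchange values is invalid")
    return hashlib.sha256(str(pow(server_pub, a, P)).encode()).digest()

def run_session(host_priv, host_pub, tamper=False):
    a, client_pub = keygen()
    server_pub, sig, server_key = server_reply(host_priv, client_pub)
    if tamper:                          # a substituted DH value in transit
        server_pub = pow(G, 12345, P)
    client_key = client_finish(host_pub, a, client_pub, server_pub, sig)
    return client_key, server_key
```

Each call to `run_session` uses new DH secrets on both sides, so two sessions under the same host key yield unrelated session keys, and a DH value altered in transit is rejected because the signature covers both exchange values.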




