security

Scott Kveton scott at janrain.com
Tue Oct 24 15:55:28 UTC 2006


>> Ssh v1 was a mess in terms of security from the start.
>> v2.0 is much better.
> 
> True, but it could not have been much better if SSH had
> not been designed from the beginning to be secure,
> unlike telnet.

IMHO the same parallels can be drawn for OpenID ... v1.0 wasn't great in
terms of security but it's getting better all of the time.

>> I wouldn't put any of these in the "got wide-spread
>> adoption" category.
> 
> SSH has widespread adoption, having pretty much wiped
> out telnet.  If you take the attitude that software has
> to be compatible with people who do not need security,
> no one will have security.  It is the people who do not
> need security who have to be compatible.  You probably
> find yourself using SSH whether you need security or
> not.

To clarify, I had put that comment _after_ ssh.  I agree that ssh has
widespread adoption within its specific niche market (and it's a niche market
- consumers will not use ssh).  The comment from above was meant to be
directed at the other applications mentioned such as IPSec and Tor.

James: can you think of any other examples?  So far I'm not convinced with
the examples I've been given so far.

- Scott



