Ian Grigg <iang@systemics.com> writes:

Also, a lot of cryptosystems are put together by committees. SSH was originally put together by one guy. He did the lot. Allegedly, a fairly grotty protocol with a number of weakneses, but it was there and up and running. And SSH-2 is apparantly nice, elegant and easy to understand, now that it has been fixed up.

Actually SSHv2 is just SSL with a different packet format (when I did my SSHv2 implementation I recycled the code from the SSL engine, it was that close [0]). That's probably a good indication that SSL/SSHv2 is a fairly optimal (security/functionality/implementability/etc) design for an application-level security protocol if two groups independently came up with the same design, which brings us back the original question of why on earth Nullsoft tried to roll their own. Peter. [0] Note that my SSL implementation follows the standard SSL ladder diagram rather than the state-machine that SSL implementations are usually described as, which made it trivial to switch over for SSHv2 use. I've never understood why every explanation of the SSL protocol I've ever seen uses ladder diagrams but once they talk about implementation details they assume you're doing it as a state machine, which makes it vastly harder to implement. For example all the stuff about pending cipher suites and whatnot follows automatically (and transparently) from the ladder diagram, but is a real pain to sort out in a state machine.