From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!aioe.org!.POSTED!not-for-mail
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Newsgroups: comp.lang.ada
Subject: Re: library/binding for sftp?
Date: Wed, 7 Aug 2013 21:57:37 +0200
Organization: cbb software GmbH
Message-ID: <bccmiwywovsc.1gr3p41feupbk$.dlg@40tude.net>
References: <85li4gmhrt.fsf@stephe-leake.org>
 <2wgl8bcmdsu0$.1rs1604fzwufv.dlg@40tude.net>
 <85vc3jfias.fsf@stephe-leake.org>
 <1gwg87tgm2bo7$.ae7440ka6kmc.dlg@40tude.net>
 <85bo59g6h7.fsf@stephe-leake.org> <ul3xotcxb4wh$.1rfdfqdzhndf.dlg@40tude.net>
 <kttvbd$jp7$1@dont-email.me>
Reply-To: mailbox@dmitry-kazakov.de
NNTP-Posting-Host: NRdsZItxz1JhTQIIiXfHKg.user.speranza.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-7"
Content-Transfer-Encoding: 8bit
X-Complaints-To: abuse@aioe.org
User-Agent: 40tude_Dialog/2.0.15.1
X-Notice: Filtered by postfilter v. 0.8.2
Xref: news.eternal-september.org comp.lang.ada:16696
Date: 2013-08-07T21:57:37+02:00
List-Id: <comp.lang.ada>

On Wed, 7 Aug 2013 17:15:25 +0000 (UTC), Simon Clubley wrote:

> On 2013-08-07, Dmitry A. Kazakov <mailbox@dmitry-kazakov.de> wrote:
>> On Wed, 07 Aug 2013 05:06:44 -0500, Stephen Leake wrote:
>>
>>> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
>>> 
>>>> On Tue, 06 Aug 2013 01:24:27 -0500, Stephen Leake wrote:
>>>>> 
>>>>> Because the device requires ssh authentication.
>>>>
>>>> I don't understand this. You cannot bind to a port under android?
>>> 
>>> I can. But then i'd have to re-implement security, authentication, and
>>> file transfer.
>>
>> What for? It is your program you know you are running it.
>>
>> The best security ever is a protocol nobody else knows.
> 
> What if he needs to transmit data over a untrusted link or if site
> policy requires end to end encryption ?

What if any of the devices may get confiscated? What if a judge require to
put down all passwords? Maybe it is better to stash data into mp3 files
covered as songs and transfer such files unencrypted?

> BTW, I don't agree with security by obscurity. I prefer security
> protocols which are publicly available and have survived being
> probed for vulnerabilities.

Of course, just because you˘re paranoid doesn˘t mean they˘re not after you.
But it is always a balance between the price of the information and the
price of breaking into. Security by obscurity has a very good ratio in THIS
concrete case, likely better than of any publicly available protocol.

P.S. Remember the code talkers story.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de