[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: low-overhead encrypted telnet

To: [email protected]
Subject: Re: low-overhead encrypted telnet
From: [email protected]
Date: Wed, 02 Mar 94 11:43:18 EST
Cc: [email protected] (Eric Hughes), [email protected]
Sender: [email protected]

	 
	 Eric Hughes says:
	 > The reason that encrypted telnet is a good thing is that modificatio
	n
	 > at the network level requires kernel modification, and encrypting a
	 > telnet does not.  Installing an encrypted telnet daemon does require
	 > sysadmin cooperation, but it doesn't mean recompiling the kernel.

	 Although running an encrypted IP stack does require sysadmin
	 cooperation, it does not require a kernel rebuild -- John Ioannidis
	 has built modloadable versions of most of the swIPe software.

Assuming, of course, that you're running a system that has modload.
(Ironically, CERT has recommended that you delete loadable device drivers
from systems that don't need them, as a way to guard against password-
sniffers.)

	 > As such, encrypted telnet is a good intermediate while the long term
	 > solution of encrypted IP gets developed and deployed.

	 Agreed -- sadly its arriving VERY slowly. 4.4BSD Lite comes with a
	 standards-compliant encrypted telnet implementation, however.

What standards?  There are no RFCs, nor any current drafts, that define
a telnet encryption option.  The last draft I saw was from 1991, and
Internet drafts expire after 6 months.  As I recall, the idea that was
being pushed then was to integrate encryption more closely with
authentication.

Follow-Ups:
- Re: low-overhead encrypted telnet
  - From: "Perry E. Metzger" <[email protected]>
- Re: low-overhead encrypted telnet
  - From: Jim McCoy <[email protected]>

Prev by Date: Insecurity of public key crypto #1 (reply to Mandl)
Next by Date: Re: low-overhead encrypted telnet
Prev by thread: Re: low-overhead encrypted telnet
Next by thread: Re: low-overhead encrypted telnet
Index(es):
- Date
- Thread