
Re: CERT statement



-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

In article <[email protected]>,
Perry E. Metzger <[email protected]> wrote:
>Well, sort of. A key management system that operates sort of like
>Kerberos' is necessary. However, that's really far from
>sufficient. Most Kerberized protocols authenticate only at the
>beginning of the session -- very very hijackable.

I just want to chime in that telnet{,d} clients are available that do
encrypt every packet, built upon Kerberos v5 (and the GSSAPI) for key
management.  There are even libraries that sit on top of sockets with
the same interface and do the encryption (and therefore the implicit
authentication) of every packet.

I'm sure Perry knew this, but I'm also sure others didn't.  I'm afraid
I don't have any pointers at the moment (though I know that they are
in use in some parts of CMU), and unless your need is urgent
and you already use Kerberos you should just wait for the new swIPe.
- - --
Todd Masco     | "life without caution/ the only worth living / love for a man/
[email protected] |  love for a woman/ love for the facts/ protectless" - A Rich
<a href="http://www.hks.net/~cactus/cactus.html">Cactus' Homepage</a>

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLyh9zBNhgovrPB7dAQGk+gP/TatFUjwI79UT1UY5IQK82wlQ/jK7tOXb
HX6zWCVU48l/vfAWHSYdS1QSQEeUMH4Z+lnW4lxW0G9fWDk/LxSlyJqnw/zDEbK+
16ePq/6AWsCCA5Gt2HchAfVoC72iYOeU0oDMQJerr6K6s2FLZrR4vSEQAUSbkoJz
VHLjcR6mrog=
=JYyc
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLyi2nSoZzwIn1bdtAQFSiwGAspboooxRv7cVKp3/aPZGVaLkkscfSh/y
PKrOIuBmAoaHmMwUGwV73ygYc3N1bvs0
=PKb8
-----END PGP SIGNATURE-----