[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Telnet-ietf: AUTH, ENCRYPT

To: cypherpunks@toad.com
Subject: Telnet-ietf: AUTH, ENCRYPT
From: anon-remailer@utopia.hacktic.nl (Name Withheld by Request)
Date: Fri, 9 Feb 1996 20:10:07 +0100
Organization: Hack-Tic International, Inc.
Sender: owner-cypherpunks@toad.com
Xcomm: This message was automaticly Remailed by an Anonymous Remailer.
Xcomm: Report inappropriate use to <postmaster@utopia.hacktic.nl>

Heads up:
	A discussion is starting up on the telnet-ietf list re: adding
message integrity checking to option negotiation, so it can't be hacked
with an active attack to defeat, for example, the AUTH and ENCRYPT options.
Highlights:
	- Authentication and encryption are (should be) orthogonal.
	- The "default" encryption should be something stronger than DES
	  OFB, which supposedly was chosen to accomodate dog-slow PCs.
	- Negotiation for non-authenticated, non-encrypted connections has to
	  be protected, too, to prevent attacks.

'telnet berserkly.cray.com 23000' gets you to an interactive browser of the
list archives.  Subscriptions to telnet-ietf-request@cray.com.

a

Prev by Date: Forgery
Next by Date: Re: Tell me whats wrong with this
Prev by thread: Re: Forgery
Next by thread: Not so fastNewsspeak Times Article on the CDA
Index(es):
- Date
- Thread