1994-03-05 - Re: Update on user-level hack to do telnet encryption posted recently

Header Data

From: “Perry E. Metzger” <pmetzger@lehman.com>
To: gtoal@an-teallach.com (Graham Toal)
Message Hash: 13be91df8ae145f7b9b43c09d2bc51df8bede8938cbf9f0c8492aa3b4f041326
Message ID: <9403052131.AA10882@andria.lehman.com>
Reply To: <199403052110.VAA27482@an-teallach.com>
UTC Datetime: 1994-03-05 21:32:28 UTC
Raw Date: Sat, 5 Mar 94 13:32:28 PST

Raw message

From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Sat, 5 Mar 94 13:32:28 PST
To: gtoal@an-teallach.com (Graham Toal)
Subject: Re: Update on user-level hack to do telnet encryption posted recently
In-Reply-To: <199403052110.VAA27482@an-teallach.com>
Message-ID: <9403052131.AA10882@andria.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain



Graham Toal says:
> 	I really think this project is a serious mistake. People should, if
> 	they insist, produce software compatible with the draft RFCs on telnet
> 	encryption and authentication -- although such code has already been
> 	written. The notion of putting in all this effort just to avoid having
> 	to deal with your system administrator, especially when he should be
> 	happy to install such code given the recent rash of internet breakins,
> 	seems misplaced to me.
> 
> Perry, I'm no longer interested in what you have to say.  You've been
> a wet blanket and have pooh-poohed every practical suggestion I've
> ever seen anyone making - weren't you one of the first people to
> post to the netphone project telling us we were all wasting our time?

No I was not.

As for this current "idea", with an implementation of an encrypted
STANDARD telnet already written and likely available soon for
anonymous FTP, I think I'm being sane, not "a wet blanket". You can
already get a version of the Cray telnet that implements the
authentication code and hack in a reimplementation of the encryption
code if you wish. See below for that. However, producing silly
non-standard telnet hacks makes little sense.

> Cypherpunks write code, except when asked not to by Perry Metzger.
> 
> The point of this code, in case you missed it, is so that people can
> take responsibility for their own encryption and not have to trust
> software installed by someone else, just like we all use pgp rather
> than Clipper.

You can't help trusting code installed by someone else. How many of us
write our own operating systems from scratch? So long as you have the
source code, and the source code to the telnet I am speaking of is
widely available, what is the difference?

The source code for the authenticating telnet is available from

	ftp.cray.com(128.162.15.3):src/telnet/telnet.94.02.07.NE.tar.Z

Now, David Borman has not been very forthcoming with the encrypting
version of this system (although all the hooks are already there) and
if anyone wants to take a crack at adding in an implementation of the
draft encryption standard (which should be quite quick) that would
indeed be a useful effort. I will happily mail a copy of the draft RFC
to anyone who doesn't have it and can't get it.

Perry




