1994-02-05 - Re: CERT advisory

Header Data

From: Brad Huntting <huntting@glarp.com>
To: “Marc W. Mengel” <mengel@dcdmwm.fnal.gov>
Message Hash: c3a6d5e7a43ee789c2538f32efecf614967719273b65e169a2559e867ad3b681
Message ID: <199402050015.AA01939@misc.glarp.com>
Reply To: <9402042327.AA43567@dcdmwm.fnal.gov>
UTC Datetime: 1994-02-05 00:19:57 UTC
Raw Date: Fri, 4 Feb 94 16:19:57 PST

Raw message

From: Brad Huntting <huntting@glarp.com>
Date: Fri, 4 Feb 94 16:19:57 PST
To: "Marc W. Mengel" <mengel@dcdmwm.fnal.gov>
Subject: Re: CERT advisory
In-Reply-To: <9402042327.AA43567@dcdmwm.fnal.gov>
Message-ID: <199402050015.AA01939@misc.glarp.com>
MIME-Version: 1.0
Content-Type: text/plain



> Since the command channel is flat ascii, one could extend the protocol
> with a pgp-password command, which would send the password encrypted in the
> server's public key.  Similarly one could use the sort of convention that
> the wu-ftpd does to request encrypted files... simply request file.pgp,
> just like you request file.z, file.gz, etc.

There is an Internet draft (draft-ietf-cat-ftpsec-03.txt) on ftp
encription and authentication extensions.  I dont recall if it
includes a public key method, but if not it would probably be easy
to incorporate.


brad





Thread