1994-03-02 - Re: low-overhead encrypted telnet

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: Rolf.Michelsen@delab.sintef.no (Rolf Michelsen)
Message Hash: 7a4eac07d790e9fe23ebd3d04ff7dc1e54be201e5c4b7811e28e5743eae88a1d
Message ID: <199403021514.KAA03435@duke.bwh.harvard.edu>
Reply To: <Pine.3.88.9403020801.B1102-0100000@svme.er.sintef.no>
UTC Datetime: 1994-03-02 15:15:34 UTC
Raw Date: Wed, 2 Mar 94 07:15:34 PST

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Wed, 2 Mar 94 07:15:34 PST
To: Rolf.Michelsen@delab.sintef.no (Rolf Michelsen)
Subject: Re: low-overhead encrypted telnet
In-Reply-To: <Pine.3.88.9403020801.B1102-0100000@svme.er.sintef.no>
Message-ID: <199403021514.KAA03435@duke.bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain

Rolf wrote:

| I am currently working on a project which requires encrypted TELNET.  We 
| will be encrypting *all* transmitted data to protect sensitive 
| information -- not just passwords.  Does anybody know the current status 
| of standardization of an encryption option for TELNET?

	I don't, but I would question the wisdom of putting lots of
effort into a telnet encryption scheme.  I would think it would be
much more productive to build an encryption scheme at the network
level, say, as packets are being encapsulated, so that users can
specify that they want an encrypted session for telnet or ftp, or even
sendmail could encrypt automatically when sending to certain hosts.

	By using a public key scheme to exchange session keys (much
like PGP), you could obtain the public key affiliated with your
destination IP, and know your packets are getting to the right place.

	A general framework, based on public key encryption would be a
far more flexible, powerful and useful tool for generating security on
the net than simply securing TELNET.


Adam Shostack 				       adam@bwh.harvard.edu

Politics.  From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.

Have you signed the anti-Clipper petition?