From: Graham Toal <gtoal@an-teallach.com>
Date: Sun, 6 Mar 94 04:39:22 PST
To: pmetzger@lehman.com
Subject: Re: Update on user-level hack to do telnet encryption posted recently
Message-ID: <199403061234.MAA27780@an-teallach.com>
MIME-Version: 1.0
Content-Type: text/plain


	As for this current "idea", with an implementation of an encrypted
	STANDARD telnet already written and likely available soon for
	anonymous FTP, I think I'm being sane, not "a wet blanket". You can
	already get a version of the Cray telnet that implements the
	authentication code and hack in a reimplementation of the encryption
	code if you wish. See below for that. However, producing silly
	non-standard telnet hacks makes little sense.

Perry, I *already* have the bsd4.4 Kerberized telnet with DES that comes with
the BSDI distribution (original code in the US, a re-implementation on
supplementary floppies in the UK) - I've had it for half a year now,
and you know what? - it's of no use to me at all.  Not *one* of the dozen
odd sites I telnet to is running it.  Maybe in several years time we'll
all be running the same encrypted telnet, but for now I want *something*
to keep the nosey little kids from reading my packets and if I have to
ftp a short source and compile it every time I log in somewhere then
that's what I'll do.  I bet my telnet sessions are secure a lot sooner
than yours are.  The degree of that security depends to some extent on
how much help I get implementing a stream cypher because I'm not sure I
trust myself to do it properly.  So I would really appreciate if you
don't think this project is worthwhile, that you simply don't contribute
rather than going out of your way to encourage others not to as well.

G