From: Jef Poskanzer <jef@ee.lbl.gov>
Date: Sat, 24 Sep 94 13:02:40 PDT
To: perry@imsi.com
Subject: Re: kerberosV telnet
Message-ID: <199409242002.NAA10352@hot.ee.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger:
>Jef Poskanzer says:
>> "That turns out not to be the case."  The version of CNS that we have
>> doesn't have any encryption beyond DES.  4.4BSD telnet is basically
>> identical to kerberosV telnet, and the only encryption it has is DES.
>
>The 4.4 telnet is NOT identical. Its much better code, has lots of
>neat new capabilities that you probably want, is more modular, and the
>versions I saw had hooks for D-H and the like, which is where most of
>the work is -- you can get the D-H code from RSAREF and steal the IDEA
>code from PGP; from there the changes are small.

I just did a diff -r between the Kerberos V telnet/telnetd/libtelnet
and the 4.4BSD version.  From 1.5 MB of source code I get 40KB of diffs.
In my book a 2% difference qualifies as basically identical.  Plus 90%
of the diffs were memcpy/bcopy changes.

I know there are nice hooks in the code for adding new encryption
and authentication modules.  I know it would be relatively easy to
add IDEA and DH.  That's why I'm asking whether anyone has already
done it.  Do you get it this time, or should I go for four?

Perry, why don't you let someone else reply this time?
---
Jef