1995-01-27 - Re: CERT statement

Header Data

From: cactus@seabsd.hks.net (Todd Masco)
To: cypherpunks@toad.com
Message Hash: 4c3d975e39de819119585a13f1caa68d77f844d474fd55e13d14d0ebfecff614
Message ID: <199501270902.EAA03085@bb.hks.net>
Reply To: N/A
UTC Datetime: 1995-01-27 09:06:29 UTC
Raw Date: Fri, 27 Jan 95 01:06:29 PST

Raw message

From: cactus@seabsd.hks.net (Todd Masco)
Date: Fri, 27 Jan 95 01:06:29 PST
To: cypherpunks@toad.com
Subject: Re: CERT statement
Message-ID: <199501270902.EAA03085@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

In article <9501270023.AA17883@snark.imsi.com>,
Perry E. Metzger <perry@imsi.com> wrote:
>Well, sort of. A key management system that operates sort of like
>Kerberos' is necessary. However, thats really far from
>sufficient. Most Kerberized protocols authenticate only at the
>beginning of the session -- very very hijackable.

I just want to chime in that telnet{,d} clients are available that do
encrypt every packet, built upon Kerberos v5 (and the GSSAPI) for key
management.  There are even libraries that sit on top of sockets with
the same interface and do the encryption (and therefore the implicit
authentication) of every packet.

I'm sure Perry knew this, but I'm also sure others didn't.  I'm afraid
I don't have any pointers at the moment (though I know that they are
in use in some parts of CMU), and unless your need is urgent
and you already use kerberos you should just wait for the new swIPe.
- - --
Todd Masco     | "life without caution/ the only worth living / love for a man/
cactus@hks.net |  love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLyh9zBNhgovrPB7dAQGk+gP/TatFUjwI79UT1UY5IQK82wlQ/jK7tOXb
HX6zWCVU48l/vfAWHSYdS1QSQEeUMH4Z+lnW4lxW0G9fWDk/LxSlyJqnw/zDEbK+
16ePq/6AWsCCA5Gt2HchAfVoC72iYOeU0oDMQJerr6K6s2FLZrR4vSEQAUSbkoJz
VHLjcR6mrog=
=JYyc
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLyi2nSoZzwIn1bdtAQFSiwGAspboooxRv7cVKp3/aPZGVaLkkscfSh/y
PKrOIuBmAoaHmMwUGwV73ygYc3N1bvs0
=PKb8
-----END PGP SIGNATURE-----





Thread