From: erc@s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin])
Date: Tue, 31 Jan 95 22:37:21 PST
To: mab@research.att.com (Matt Blaze)
Subject: Re: ESP Unix encrypted session protocol software
In-Reply-To: <9501312336.AA11049@merckx.info.att.com>
Message-ID: <m0rZYSI-0004IOC@s116.slcslip.indirect.com>
MIME-Version: 1.0
Content-Type: text


> >Matt, why did you choose to implement your own protocol instead of
> >adding a DH authentication/encryption type to telnet?
> >
> >               Marc
> 
> I've got one of those, too (it won't be ready for release too soon, 
> though - telnet is big and ugly).  An encrypting telnet and telnetd
> almost always provide a more appropriate way to do session encryption.
> However, there are some situations where ESM is really the only
> option.  One is when you can't or don't want to install a daemon
> (e.g., for very occasional use).  More importantly, by running within
> the session, ESM can provide end-to-end encryption across an untrusted
> application-layer firewall (like the one I go through to get
> between home and work).

I might add that esm can be installed on unix boxes in your own account
without having to be root, something which cannot be said for telnetd.
Not everyone has root access to every box they are on, so implementing
one's own interface instead of having to rely on something that requires
root access on every machine makes a lot more sense.
-- 
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
801/534-8857 voicemail			801/460-1883 digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi
                       ** PGP encrypted email preferred! **

Cop: "How many beers have you had tonight, bro?"
Suspect: "Seventy."  -- from the TV show "Cops"