From: Tatu Ylonen <ylo@cs.hut.fi>
To: weidai@eskimo.com
Message Hash: a7ab33776ee737fcef79bc2a3f3ed9850343122f8388063c27a5b1c80f604a11
Message ID: <199510241625.SAA00777@soikko.cs.hut.fi>
Reply To: <Pine.SUN.3.91.951023022123.9641C-100000@eskimo.com>
UTC Datetime: 1995-10-24 16:13:40 UTC
Raw Date: Tue, 24 Oct 95 09:13:40 PDT
Subject: Re: Encrypted TCP Tunneler

> However, I probably won't give up ETT yet, because there are some design
> differences that would make ETT more useful in certain circumstances.
> SSH seems to be designed mainly as a secure telnet program, with TCP port
> redirection added on, which suggests (although I'm not sure) that you
> need to have a user account on the SSH server to connect to it. It also
> does not seem to do any filtering of TCP redirection requests. Chaining
> would not work well with SSH because of its packet overhead.

You are quite right here; some kind of account is needed on the
forwarder machine. (It can, though, be an account without password
and a login shell that just sleeps.) But anyway, TCP port forwarding
is not its main function. (I don't think the packetizing is such a
major overhead though - it currently transfers around 400kbytes/sec
over ethernet encrypted with RC4 between P90 machines.)
> authentication schemes. What are the relative advantages of your protocol
> over a more straight-forward DH + signature of exchange values? DH would
> provide forward secrecy directly without the need to change the server key
> every hour.

The reasons for this key exchange are mostly historical. If I were
starting the implementation now, I would use DH + signatures. The
performance difference is not very big, but DH + signature would be simpler.

Tatu
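The two key-exchange styles compared in this exchange, as an added illustration that is not code from the thread, from SSH or from ETT: a session key transported under the server's long-term key (the style whose forward secrecy depends on rotating that key), next to ephemeral Diffie-Hellman where both sides sign the exchange values and the long-term keys never touch the session key. The DH group, the textbook-RSA keys and the message layout are toy-sized assumptions for illustration only, not real parameters.

```python
# Added example, not from the e-mail thread or from SSH/ETT.  Contrasts
# session-key transport under a long-term server key with ephemeral DH whose
# exchange values are signed.  All parameters below are toy assumptions.
import hashlib
import secrets

P = 2**127 - 1   # assumed toy DH prime (a Mersenne prime), not a vetted group
G = 3            # assumed toy generator
ELEM = 16        # bytes used to encode one group element or session key on the wire


def rsa_keygen(p, q, e=65537):
    """Textbook RSA from two given primes, no padding: demonstration only."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def _digest_mod(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg):
    n, d = priv
    return pow(_digest_mod(msg, n), d, n)


def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_mod(msg, n)


def kdf(shared_int):
    """Derive a session key from an integer secret (shared DH value or transported key)."""
    return hashlib.sha256(shared_int.to_bytes(ELEM, "big")).digest()


# Long-term keys, built from small known primes so the example runs instantly.
SERVER_PUB, SERVER_PRIV = rsa_keygen(2**127 - 1, 2**89 - 1)
CLIENT_PUB, CLIENT_PRIV = rsa_keygen(2**107 - 1, 2**61 - 1)


def key_transport_session():
    """Client chooses the session key and sends it encrypted to the server's key.
    Returns (recorded transcript, session key)."""
    k = secrets.randbelow(2**128)
    n, e = SERVER_PUB
    return {"enc_key": pow(k, e, n)}, kdf(k)


def signed_dh_session():
    """Ephemeral DH; each side signs (g^x, g^y) with its long-term key so a
    man-in-the-middle cannot substitute its own values.
    Returns (recorded transcript, client's key, server's key)."""
    x = secrets.randbelow(P - 2) + 2          # client ephemeral secret
    y = secrets.randbelow(P - 2) + 2          # server ephemeral secret
    gx, gy = pow(G, x, P), pow(G, y, P)
    values = gx.to_bytes(ELEM, "big") + gy.to_bytes(ELEM, "big")
    sig_s = sign(SERVER_PRIV, values)         # server signs after seeing g^x
    sig_c = sign(CLIENT_PRIV, values)         # client signs after seeing g^y
    if not (verify(SERVER_PUB, values, sig_s) and verify(CLIENT_PUB, values, sig_c)):
        raise ValueError("signature check failed")
    k_client, k_server = kdf(pow(gy, x, P)), kdf(pow(gx, y, P))
    del x, y                                  # ephemeral secrets are discarded after use
    return {"gx": gx, "gy": gy, "sig_s": sig_s, "sig_c": sig_c}, k_client, k_server


def later_server_key_compromise(transcript):
    """What a passive eavesdropper who later obtains the server's long-term
    private key recovers from a recorded transcript."""
    if "enc_key" in transcript:
        n, d = SERVER_PRIV
        return kdf(pow(transcript["enc_key"], d, n))   # old session key falls out
    # A signed-DH transcript carries only g^x, g^y and signatures: nothing to decrypt.
    return None


def mitm_substitutes_gx(transcript):
    """Replacing g^x in a signed-DH transcript breaks the server's signature,
    because that signature covers both exchange values."""
    z = secrets.randbelow(P - 2) + 2
    forged = pow(G, z, P).to_bytes(ELEM, "big") + transcript["gy"].to_bytes(ELEM, "big")
    return verify(SERVER_PUB, forged, transcript["sig_s"])


if __name__ == "__main__":
    t1, k1 = key_transport_session()
    print("transport: key recovered after server-key compromise:",
          later_server_key_compromise(t1) == k1)
    t2, kc, ks = signed_dh_session()
    print("signed DH: both sides agree:", kc == ks,
          "| server key recovers old session key:", later_server_key_compromise(t2) is not None)
```

With the transported key, every session recorded before the hourly rotation stays readable to anyone who later obtains that hour's server key; with signed ephemeral DH the long-term keys only authenticate the public values, so compromising them afterwards yields no past session key, which is the forward-secrecy point raised above.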