From: anon-remailer@utopia.hacktic.nl (Name Withheld by Request)
Date: Sat, 10 Feb 1996 03:39:09 +0800
To: cypherpunks@toad.com
Subject: Telnet-ietf: AUTH, ENCRYPT
Message-ID: <199602091910.UAA20013@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Heads up:
	A discussion is starting up on the telnet-ietf list re: adding
message integrity checking to option negotiation, so it can't be hacked
with an active attack to defeat, for example, the AUTH and ENCRYPT options.
Highlights:
	- Authentication and encryption are (should be) orthogonal.
	- The "default" encryption should be something stronger than DES
	  OFB, which supposedly was chosen to accomodate dog-slow PCs.
	- Negotiation for non-authenticated, non-encrypted connections has to
	  be protected, too, to prevent attacks.

'telnet berserkly.cray.com 23000' gets you to an interactive browser of the
list archives.  Subscriptions to telnet-ietf-request@cray.com.

a