Graham Toal says:
I really think this project is a serious mistake. People should, if they insist, produce software compatible with the draft RFCs on telnet encryption and authentication -- although such code has already been written. The notion of putting in all this effort just to avoid having to deal with your system administrator, especially when he should be happy to install such code given the recent rash of internet breakins, seems misplaced to me.
Perry, I'm no longer interested in what you have to say. You've been a wet blanket and have pooh-poohed every practical suggestion I've ever seen anyone making - weren't you one of the first people to post to the netphone project telling us we were all wasting our time?
No I was not. As for this current "idea", with an implementation of an encrypted STANDARD telnet already written and likely available soon for anonymous FTP, I think I'm being sane, not "a wet blanket". You can already get a version of the Cray telnet that implements the authentication code and hack in a reimplementation of the encryption code if you wish. See below for that. However, producing silly non-standard telnet hacks makes little sense.
Cypherpunks write code, except when asked not to by Perry Metzger.
The point of this code, in case you missed it, is so that people can take responsibility for their own encryption and not have to trust software installed by someone else, just like we all use pgp rather than Clipper.
You can't help trusting code installed by someone else. How many of us write our own operating systems from scratch? So long as you have the source code, and the source code to the telnet I am speaking of is widely available, what is the difference? The source code for the authenticating telnet is available from ftp.cray.com(128.162.15.3):src/telnet/telnet.94.02.07.NE.tar.Z Now, David Borman has not been very forthcoming with the encrypting version of this system (although all the hooks are already there) and if anyone wants to take a crack at adding in an implementation of the draft encryption standard (which should be quite quick) that would indeed be a useful effort. I will happily mail a copy of the draft RFC to anyone who doesn't have it and can't get it. Perry