17 Dec 2003, 11:17 p.m.
The big issue, in my mind, is how the ftpd is going to get the key to unlock the *system's* private key... Do you compile it into the code? Should ftpd ask for it when it comes up?
Since active interception is not nearly so easy as passive listening, it would be appropriate to use a Diffie-Hellman key exchange in this situation. This protocol has no persistent private keys, so the issue of keeping a private key around securely is not an issue.
Eric
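
An added example, not part of the original message: a sketch of the ephemeral Diffie-Hellman exchange the reply suggests, showing that each connection uses a fresh secret and that a passive listener sees only public values. The group parameters `P` and `G`, the `DHEndpoint` class and `run_handshake` are assumptions chosen for illustration; the exchange is unauthenticated, so it does not address active interception.

```python
import hashlib
import secrets

# Demo-only group (assumption): p = 2**255 - 19 is prime, but it is not a
# standardized DH modulus. Real deployments use a vetted group such as the
# RFC 3526 MODP groups or X25519.
P = 2**255 - 19
G = 2


class DHEndpoint:
    """One side of one connection; the secret lives only in this object."""

    def __init__(self):
        # Fresh secret per connection: nothing is read from disk or compiled in.
        self._secret = secrets.randbelow(P - 3) + 2   # 2 .. P-2
        self.public = pow(G, self._secret, P)         # sent in the clear

    def session_key(self, peer_public):
        # Reject degenerate values that would force a predictable shared secret.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("peer public value out of range")
        shared = pow(peer_public, self._secret, P)
        return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def run_handshake():
    """Return (client_key, server_key, transcript seen by a passive listener)."""
    client, server = DHEndpoint(), DHEndpoint()
    transcript = [client.public, server.public]       # all that crosses the wire
    client_key = client.session_key(server.public)
    server_key = server.session_key(client.public)
    return client_key, server_key, transcript


if __name__ == "__main__":
    ck, sk, wire = run_handshake()
    print("keys match:", ck == sk)
    print("wire carries only public values:", [hex(v)[:18] + "..." for v in wire])
    ck2, _, _ = run_handshake()
    print("next connection gets a new key:", ck != ck2)
```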