Rolf wrote: | I am currently working on a project which requires encrypted TELNET. We | will be encrypting *all* transmitted data to protect sensitive | information -- not just passwords. Does anybody know the current status | of standardization of an encryption option for TELNET? I don't, but I would question the wisdom of putting lots of effort into a telnet encryption scheme. I would think it would be much more productive to build an encryption scheme at the network level, say, as packets are being encapsulated, so that users can specify that they want an encrypted session for telnet or ftp, or even sendmail could encrypt automatically when sending to certain hosts. By using a public key scheme to exchange session keys (much like PGP), you could obtain the public key affiliated with your destination IP, and know your packets are getting to the right place. A general framework, based on public key encryption would be a far more flexible, powerful and useful tool for generating security on the net than simply securing TELNET. Adam -- Adam Shostack adam@bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. Have you signed the anti-Clipper petition?