
17 Dec 2003, 11:17 p.m.
Heads up: A discussion is starting up on the telnet-ietf list re: adding message integrity checking to option negotiation, so it can't be hacked with an active attack to defeat, for example, the AUTH and ENCRYPT options.

Highlights:

- Authentication and encryption are (should be) orthogonal.
- The "default" encryption should be something stronger than DES OFB, which supposedly was chosen to accommodate dog-slow PCs.
- Negotiation for non-authenticated, non-encrypted connections has to be protected, too, to prevent attacks.

'telnet berserkly.cray.com 23000' gets you to an interactive browser of the list archives. Subscriptions to telnet-ietf-request@cray.com.

a