-----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article <9501270023.AA17883@snark.imsi.com>, Perry E. Metzger <perry@imsi.com> wrote:

Well, sort of. A key management system that operates sort of like Kerberos' is necessary. However, thats really far from sufficient. Most Kerberized protocols authenticate only at the beginning of the session -- very very hijackable.

I just want to chime in that telnet{,d} clients are available that do encrypt every packet, built upon Kerberos v5 (and the GSSAPI) for key management. There are even libraries that sit on top of sockets with the same interface and do the encryption (and therefore the implicit authentication) of every packet. I'm sure Perry knew this, but I'm also sure others didn't. I'm afraid I don't have any pointers at the moment (though I know that they are in use in some parts of CMU), and unless your need is urgent and you already use kerberos you should just wait for the new swIPe. - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLyh9zBNhgovrPB7dAQGk+gP/TatFUjwI79UT1UY5IQK82wlQ/jK7tOXb HX6zWCVU48l/vfAWHSYdS1QSQEeUMH4Z+lnW4lxW0G9fWDk/LxSlyJqnw/zDEbK+ 16ePq/6AWsCCA5Gt2HchAfVoC72iYOeU0oDMQJerr6K6s2FLZrR4vSEQAUSbkoJz VHLjcR6mrog= =JYyc - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLyi2nSoZzwIn1bdtAQFSiwGAspboooxRv7cVKp3/aPZGVaLkkscfSh/y PKrOIuBmAoaHmMwUGwV73ygYc3N1bvs0 =PKb8 -----END PGP SIGNATURE-----