...

Matt, why did you choose to implement your own protocol instead of adding a DH authentication/encryption type to telnet?

Marc

I've got one of those, too (it won't be ready for release too soon, though - telnet is big and ugly). An encrypting telnet and telnetd almost always provide a more appropriate way to do session encryption. However, there are some situations where ESM is really the only option. One is when you can't or don't want to install a daemon (e.g., for very occasional use). More importantly, by running within the session, ESM can provide end-to-end encryption across an untrusted application-layer firewall (like the one I go through to get between home and work).

I might add that esm can be installed on unix boxes in your own account without having to be root, something which cannot be said for telnetd. Not everyone has root access to every box they are on, so implementing one's own interface instead of having to rely on something that requires root access on every machine makes a lot more sense. -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi ** PGP encrypted email preferred! ** Cop: "How many beers have you had tonight, bro?" Suspect: "Seventy." -- from the TV show "Cops"