Secure comm program, Sockets + LINK

jpp at markv.com jpp at markv.com
Tue Jul 13 20:43:52 PDT 1993


  My concerns about two way authentication become clear when you
concider the LINK+sockets program a substitute for rsh, rexec, login
or similar programs.  You don't want to be spoofed, and you don't want
others using your account.

  When you are using LINK in the way it was originaly designed, you
more or less *have* authentication in both directions.  From you to it
since discovering a private key given a public key is concidered
hard.  From it to you since *presumably* the only user able to read
the key file on the shared machine is you.

  The bootstrap problem (how you get the public key to the machine
with only unsecure chanels at your disposal) is interesting though.  I
wonder if it can be solved without DH key exchange?

j'






More information about the cypherpunks-legacy mailing list