low-overhead encrypted telnet

smb at research.att.com smb at research.att.com
Wed Mar 2 08:46:23 PST 1994


	 
	 Eric Hughes says:
	 > The reason that encrypted telnet is a good thing is that modificatio
	n
	 > at the network level requires kernel modification, and encrypting a
	 > telnet does not.  Installing an encrypted telnet daemon does require
	 > sysadmin cooperation, but it doesn't mean recompiling the kernel.

	 Although running an encrypted IP stack does require sysadmin
	 cooperation, it does not require a kernel rebuild -- John Ioannidis
	 has built modloadable versions of most of the swIPe software.

Assuming, of course, that you're running a system that has modload.
(Ironically, CERT has recommended that you delete loadable device drivers
from systems that don't need them, as a way to guard against password-
sniffers.)

	 > As such, encrypted telnet is a good intermediate while the long term
	 > solution of encrypted IP gets developed and deployed.

	 Agreed -- sadly its arriving VERY slowly. 4.4BSD Lite comes with a
	 standards-compliant encrypted telnet implementation, however.

What standards?  There are no RFCs, nor any current drafts, that define
a telnet encryption option.  The last draft I saw was from 1991, and
Internet drafts expire after 6 months.  As I recall, the idea that was
being pushed then was to integrate encryption more closely with
authentication.






More information about the cypherpunks-legacy mailing list