Telnet-ietf: AUTH, ENCRYPT
Name Withheld by Request
anon-remailer at utopia.hacktic.nl
Fri Feb 9 11:39:09 PST 1996
Heads up:
A discussion is starting up on the telnet-ietf list re: adding
message integrity checking to option negotiation, so it can't be hacked
with an active attack to defeat, for example, the AUTH and ENCRYPT options.
Highlights:
- Authentication and encryption are (should be) orthogonal.
- The "default" encryption should be something stronger than DES
OFB, which supposedly was chosen to accomodate dog-slow PCs.
- Negotiation for non-authenticated, non-encrypted connections has to
be protected, too, to prevent attacks.
'telnet berserkly.cray.com 23000' gets you to an interactive browser of the
list archives. Subscriptions to telnet-ietf-request at cray.com.
a
More information about the Testlist
mailing list