Re: Telnet Encryption Specification



>Comments can go to me, or if people don't mind my using the old telnet
>working group list (after all, these drafts were originated out of the
>telnet wg lo these many years ago), to telnet-ietf at bsdi.com.

Wow, just in time ... I just saw an internet draft submitted a couple
of days ago suggesting the ditching of the AUTHENTICATE option and
using SASL (because, according to the draft author, the AUTHENTICATE
option is only used for Kerberos 4 :-/).

Comments:

Mark Eichin made a cryptic comment a little while ago that the
current CFB encryption mode used by the V5 telnet (the fact that
it just XOR's your plaintext against the encryption stream to get
the output) opens you up to an attack.  I confess that I didn't
quite understand what he was talking about, but someone smarter
than me (perhaps Mark himself) should look at this and possibly
propose a new encryption option that fixes this problem.

And while we're at it .... why not define an encryption mode for
3DES?  It'll save you the trouble of writing a new RFC later :-)

--Ken


Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
