[447] in Kerberos_V5_Development
Re: Kerberized Telnet (A warning)
daemon@ATHENA.MIT.EDU (Paul Borman)
Sun Nov 18 02:26:15 1990
Date: Sun, 18 Nov 1990 01:26:45 CST -0600
From: Paul Borman <prb@krystal.cray.com>
To: krbdev@ATHENA.MIT.EDU

I think what we are seeing here is that different people have
different requirements for their encryption. Basically, what I
want most is just to make it difficult (if not impossible) for someone
to watch me type passwords over the net, and just keep people's noses
out of my business. I really don't think that what I do is so sensitive
that someone would really spend all the effort to xor in a new data
stream, which presumably knows how close I am to a prompt so it can
make me execute some sort of command which gives all my secrets away
(which he already knows in order to xor in my data stream).

On the other hand, some people really do have things they really do
need to keep extra secret and there really will be people trying to
crack their session (perhaps they shouldn't be using the net for things
like that).

Other people might have different demands.

I think that the nice part about how telnet works is that ALL these
people can be accommodated! The encryption type I put into telnet is
called the TEST encryption type. (i.e. I used it to test the
encryption mechanism). Telnet can support up to 256 types of
encryption. I would guess that the 256th type will really be a
multiplexor for more types.

The mechanism also allows for per type subnegotiation for things
like feeds, new keys, or possibly checksums or signatures.

Anyhow, the next telnet release (not kerberos) will be a bug fix
release to the previous release. The release after that should be
the authentication/encryption release (probably shortly after). That
release should contain a relatively stable interface for adding new
encryption (and authentication) types. I also plan to have it
documented!

-Paul
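
The trade-off discussed in the message above, as an added example that is not part of the original post or of the telnet code: a stream that is only XORed with a keystream can be rewritten in transit by anyone who already knows the plaintext, and a keyed checksum over the ciphertext makes the receiver reject the change. The keystream here is a constructed stand-in, not telnet's TEST type, and all function names, keys and sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac


def keystream(key: bytes, n: int) -> bytes:
    """Constructed toy keystream (SHA-256 over a counter); stands in for any XOR stream cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return xor(data, keystream(key, len(data)))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC-SHA256 tag computed over the ciphertext."""
    ct = crypt(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not match the ciphertext."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return crypt(enc_key, ct) if hmac.compare_digest(tag, expected) else None


def demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    sent = b"ls -l notes\r\n"      # constructed: what the user typed
    wanted = b"cat secrets\r\n"    # constructed: same-length replacement
    delta = xor(sent, wanted)      # needs the plaintext, not the key
    # Encryption only: the receiver decrypts the altered bytes without complaint.
    plain_result = crypt(enc_key, xor(crypt(enc_key, sent), delta))
    # Encryption plus keyed checksum: the same alteration is rejected.
    blob = seal(enc_key, mac_key, sent)
    sealed_result = open_sealed(enc_key, mac_key, xor(blob[:-32], delta) + blob[-32:])
    return plain_result, sealed_result
```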