[448] in Kerberos_V5_Development
Kerberized Telnet (A warning)
daemon@ATHENA.MIT.EDU (Clifford Neuman)
Sun Nov 18 19:58:51 1990
Date: Sun, 18 Nov 90 16:58:06 -0800
From: bcn@cs.washington.edu (Clifford Neuman)
To: jis@MIT.EDU
Cc: jon@MIT.EDU, prb@krystal.cray.com, krbdev@ATHENA.MIT.EDU
In-Reply-To: Jeffrey I. Schiller's message of Sat, 17 Nov 90 19:53:42 EST <9011180053.AA06607@BIG-SCREW>
My original message was to point out the shortcoming, not to claim it
was a fatal flaw. I agree with Jeff that the right way to approach
this might be punt on integrity, but to make sure that users are aware
of that fact. As Paul indicates, this will only be one option for
encryption in telnet, so doing so does not preclude us from adding
integrity later. For the time being, users will have to use rlogin if
integrity is desired.
~ Cliff
