Date:      Sun, 15 Aug 1999 15:33:37 -0700
From:      Nick Sayer <nsayer@quack.kfu.com>
To:        walton@nordicrecords.com
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Whither makefiles for src/crypto/telnet/* ?
Message-ID:  <37B74041.F24CCFB4@quack.kfu.com>
References:  <19990815221506.26168.qmail@modgud.nordicrecords.com>

This is a cryptographically signed message in MIME format.

--------------ms99BFC59FDAB7C51D27174F09
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Dave Walton wrote:
> 
> On 14 Aug 99, at 5:43, Nick Sayer wrote:
> 
> > Dave Walton wrote:
> > >
> > > If you really want to work on an encrypted telnet, check out The
> > > Stanford SRP Authentication Project (http://srp.stanford.edu/srp/).
> > > I'd love to see SRP integrated into the FreeBSD telnet/telnetd.
> >
> > Again, the problem is that there is administrative overhead - a separate
> > password database is required.
> 
> Yes, there is /etc/tpasswd to deal with.  I guess what I should have
> said is that I'd love to see SRP integrated into FreeBSD (as PAM,
> perhaps?).  Properly done, the various system utilities would keep
> passwd, master.passwd and tpasswd in sync, and SRP
> authentication/encryption would be available to telnet, ftp, or
> anything else.

True enough. You'd have to force your users to run 'passwd' once as a
conversion step, and you'd have to modify scripts like 'adduser' to
set up the new format.

> (Disclaimer:  Authentication and PAM are way outside of anything I
> know anything about, so I really have no idea what it would take to
> make that work.)
> 
> > Keep in mind, also, that as long as AUTHTYPE_SRP and
> > AUTHTYPE_SRA are different numbers, both could be present. I
> > would even concede that SRP should be tried before SRA. But I'd
> > sure as hell rather use SRA than nothing.
> 
> Ok, Nick implements SRA for folks in heterogenous NIS
> environments, and Kris implements SRP for those of us without
> that restriction.  How's that for a non-cryptographic compromise?  :)

I can commit SRA into src/crypto/telnet immediately, if it is
appropriate to do so.
 
> Unfortunately, this whole discussion ignores one ugly problem:
> client availability. 

It's a chicken and egg problem. But I am sure that if we build it,
they will come. But only if it comes by default and has no
overhead and works with legacy systems -- that is, it is a no
effort drop-in. People who type "telnet" will just magically see
that their session is encrypted without them doing anything different.
THAT'S the only way it will start to happen.
--------------ms99BFC59FDAB7C51D27174F09
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms99BFC59FDAB7C51D27174F09--


