> i'm not a security expert. what case that i can't currently see
> would tls solve for me that's worth the extra configuration.
> what am i missing?
I believe you are missing the fact that the
so-called "inferno/pop" password is no less
powerful from an authentication point of
view than the "plan9" password. If you give me
either one, I can convince a host owner factotum
that I am you, and thus change my user id to
yours on the local machine.
It turns out that the general login access daemons
all require p9any authentication, which can't be
carried out with the inferno/pop password, but
that's not fundamental. As far as factotum and
the kernel are concerned, the inferno/pop password
identifies you as much as the plan9 password.
So what I've described is, right now, only a local
escalation, not a network one. But there's no
fundamental reason for that to continue.
Better names would have been the "crappy DES"
("plan9") password and the "everything else"
("inferno/pop") password. The plan9 password
is not stored on the auth server -- its DES equivalent is.
The inferno/pop password *is* stored on the auth
server, making it possible to use in non-DES protocols.
If the plan9 password text had been stored originally,
the inferno/pop password wouldn't exist.
> tls seems like something extra to break. i have several
> dozen mac/windows users that need detailed instructions
> for every change.
Around 1999, DHCP was a royal pain, because
configuring it was difficult or undocumented,
the clients and all the servers spoke slightly different
dialects, and to a first approximation no one could
understand each other. Now, you just check a box
and it works. No one blinks at needing to set up DHCP.
IMAP and SMTP over TLS used to be difficult too,
but support for these has converged as they have
become more widespread. Now you just check a box.
Russ
