> Johan Danielsson opined:
> > Another layer to what? What other security is there that I have
> > control over? Please enlighten me about this mysterious security that
> > works by magic, and that nobody talks about.
> >
> Maybe you aren't talking to the right folks....
>
> I use Nifty Telnet with SSH, and OpenSSH is on the other end. SSL (TLS)
> is incorporated in my Navigator browser, and OpenSSL is on the other end.
> NAI PGPnet is in my menu bar, and OpenBSD or Linux FreeSWAN is on the
> other end.

SSH is not equal to Telnet. The SSH you are talking about is not even
being discussed in the IETF. OpenSSH and Nifty Telnet are the SSH v1
protocol and it provides no reliable form of host authentication.
Besides, it opens up more security holes when a root break-in occurs.

SSL/TLS is an IETF standard AND, as I said in another posting, we are
working on an IETF Telnet Option to support it. But it does not
provide for client authentication and requires a great deal more
effort to provide server authentication than the existing (in general
use) Telnet Auth methods.

RFC 1416 (Telnet Authentication) provides a hole that allows a Mack
truck to disable the use of encryption. The new draft fixes it and
provides backwards compatibility for the Telnet Encryption option,
which never was published as an RFC. Not because it wasn't being used
but because at the time there were a lot of questions about whether it
even could be due to U.S. law.

> > Historic implies that it isn't in general use. Telnet encryption is,
> > no matter what you think about it.
> >
> 4.2.4 Historic
>
> A specification that has been superseded by a more recent
> specification or is for any other reason considered to be obsolete is
> assigned to the "Historic" level. (Purists have suggested that the
> word should be "Historical"; however, at this point the use of
> "Historic" is historical.)

Since we do not at the present time have anything in Telnet that is
ready to go standards track to replace telnet encryption, it would be
inappropriate to issue it as Historical. When Telnet over TLS is
Proposed Standard we can re-examine the issue.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]