In article <9urro9$12mp$[EMAIL PROTECTED]>,
Salil Dangi <[EMAIL PROTECTED]> wrote:
: > "Jeffrey Altman" <[EMAIL PROTECTED]> wrote in message
: > news:9umtg9$lej$[EMAIL PROTECTED]...
: >
: > However, the Telnet Encryption option regardless of the key strength
: > does not provide integrity protection and so it should no longer
: > be used. Instead, STARTTLS should be used to negotiate a TLS
: > cipher to protect the session and run Telnet over that with an
: > optional Kerberos 5 authentication to verify the TLS session.
: > (Kerberos 5 could also be used as the key exchange method in the
: > TLS negotiation.)
:
: In order to solve the integrity problem, we have implemented the following
: variant where the negotiations are identical to the DES_CFB64 except
: for the type:
:
: Encrypted data is sent as follows:
:     4 byte length of the GSS Wrapped message
:     GSS Wrapped message.
:
: If the Receiver is expecting encrypted data then it reads 4 bytes, and
: then reads bytes specified by the previous 4 bytes and UNWRAPS
: using the GSS calls.
:
: Salil

Just wondering: where did you get the Telnet Encryption Option
ENCTYPE number from?

--
 Jeffrey Altman * Sr.Software Designer      C-Kermit 8.0 Beta available
 The Kermit Project @ Columbia University   includes Secure Telnet and FTP
 http://www.kermit-project.org/             using Kerberos, SRP, and
 [EMAIL PROTECTED]                          OpenSSL. SSH soon to follow.
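
The receiver-side framing described in the quoted message (4-byte length, then the GSS wrapped message), as an added example that is not part of the original thread or of any implementation mentioned in it. It assumes the length is in network byte order and caps one wrapped message at 64 KiB; `next_frame`, `MAX_WRAPPED_LEN` and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cap on one wrapped message; the post does not specify one. */
#define MAX_WRAPPED_LEN 65536u

enum frame_status { FRAME_OK = 1, FRAME_NEED_MORE = 0, FRAME_BAD_LENGTH = -1 };

/*
 * Try to extract one frame from buf[0..len).
 * On FRAME_OK, *tok points at the wrapped message inside buf, *tok_len is
 * its length and *consumed is how many input bytes the frame occupied.
 * The caller hands the token to gss_unwrap() and should drop the session
 * if the unwrap fails.
 */
enum frame_status next_frame(const unsigned char *buf, size_t len,
                             const unsigned char **tok, size_t *tok_len,
                             size_t *consumed)
{
    uint32_t n;

    if (len < 4)
        return FRAME_NEED_MORE;          /* length prefix incomplete */

    /* Assumption: the 4-byte length is big-endian (network byte order). */
    n = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
        ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];

    /* The prefix travels outside the wrapped message, so it is
     * unauthenticated: bound it before buffering or allocating. */
    if (n == 0 || n > MAX_WRAPPED_LEN)
        return FRAME_BAD_LENGTH;
    if (len - 4 < n)
        return FRAME_NEED_MORE;          /* body not fully received yet */

    *tok = buf + 4;
    *tok_len = n;
    *consumed = 4 + (size_t)n;
    return FRAME_OK;
}

int main(void)
{
    /* Constructed input: one 3-byte frame followed by a partial prefix. */
    const unsigned char in[] = { 0, 0, 0, 3, 0xAA, 0xBB, 0xCC, 0, 0 };
    const unsigned char *tok; size_t tl, used;
    int st = next_frame(in, sizeof in, &tok, &tl, &used);
    printf("status=%d len=%zu consumed=%zu\n", st, tl, used);
    return 0;
}
```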
