> > > Does the OpenSSL team also intend to adopt/coordinate the
> > development
> > > of the SSL client applications like SSLtelnet and SSLftp.
> > Or are they
> > > only interested in apache-ssl?
> >
> > SSL Telnet is a problem application. Its AUTHENTICATION TYPE number
> > was never registered with IANA (now ICANN) and the number that it uses
> > was previous given to another authentication type.
>
> According to IANA website (linked from ICANN site) and document
> http://www.isi.edu/in-notes/iana/assignments/telnet-options
> AUTHENTICATION TYPE number 7 is in fact assigned to SSL with reference
> "Hudson".
Notice the attribution date:
[Hudson] Tim Hudson <[EMAIL PROTECTED]>, December 1998.
This reference is there because I asked IANA to list it. I'm glad to
see that it is now officially assigned. Regardless, I would still
recommend that the OpenSSL group look at the Telnet START_TLS
Internet-Draft because the integration of SSLv3/TLSv1 with Telnet as
described in that draft allows for privacy and server auth via SSL/TLS
and user authentication via RFC 1416 using Kerberos, Secure Remote
Password, or any other implemented scheme. Tim Hudson's SSL
integration with RFC 1416 (telnet AUTH) does not actually perform any
authentication in either direction.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
