Meant to send this to the list only. Sorry for the extra mail Jason. -------- Original Message -------- Subject: RE: I'm clueless too. (poll) From: "Jef Waite" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>
> Here Here! on the SSH idea. > > Many people use mud clients... this is true. Mud client use telnet. > telnet is a very insecure protocol.. A real quick way to get immortal > access on a mud. > One reason I wouldn't have my mud hosted on a server I couldn't at > least have some control over is because of this. Maybe I'm slightly > paranoid, but there are many people who are not trustworthy, and > throwing the NIC in promiscous mode and grabbing a few player/immortal > passwords would be like taking candy from a baby. > > Course, this can be said regarding the client side of the connection as > well. > > I would love to use SSH instead. > I agree, telnet is 100% (maybe more.. :) ) insecure... I don't use telnet to connect to any systems I have control over. That being said, the only way this is going to change is if mud clients include encryption. Maybe a MEP (mud encryption protocol). Using the openSSL libs aren't very difficult to work with. I just don't see people giving up their mud clients for security, and until it's a standard, and people are telling the client developers to use it, then there's not much hope in this. Maybe we could start our own RFC and get it pushed, but it would require a lot of backing to do. The other thing with SSH (not sure if SSL does this) is you can turn compression on, so it would eliminate MCP inside the code to some extent. Jef
