On 28 Oct 2000, Nicolas Williams <[EMAIL PROTECTED]> wrote:

> If I may I'd like to suggest an alternative: use Diffie-Hellman for the
> key exchange and use the DH key as the symmetric encryption key. This
> gives you anonymous encrypted sessions. Add an authentication feature
> (basic, GSS-API, SASL, whatever) and you have authenticated encrypted
> sessions.

Yes, it would be pointless to reimplement Diffie-Hellman, etc.
Builtin crypto is only useful if it's simple.

> See the current discussion on SSHv2 and GSS-API/Kerberos on the
> [EMAIL PROTECTED] and [EMAIL PROTECTED] lists. The latter has an
> archive:
> 
> http://www.mit.edu:8008/menelaus.mit.edu/kerberos/

I will. 
 
> My guess is that if the SSHv2 spec issues are cleared up then SSHv2 is
> the best possibility for rsync. I don't mean using SSH with rsync as is
> done now, but rather to use SSH as a library within rsync instead of as
> an external program.

Embedding ssh as a library might work around many of the TCP stack
bugs, but like SSL I doubt the ssh library could cope with sharing a
single socket between two processes.

-- 
Martin Pool, Linuxcare, Inc.
+61 2 6262 8990
[EMAIL PROTECTED], http://www.linuxcare.com/
Linuxcare. Support for the revolution.
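The scheme in the quoted message (DH for the session key, an authentication feature layered on top), as an added Python example that is not from the rsync thread or any of its participants; it assumes RFC 2409 group 2 as the DH group, a pre-shared-key HMAC as a stand-in for whichever authentication mechanism is chosen, and a relaying intermediary to show what the anonymous exchange alone does not detect.

```python
import hashlib
import hmac
import secrets

# RFC 2409 group 2 (1024-bit MODP), generator 2; too small for new deployments,
# used here only so the example runs quickly with the standard library.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G, Q = 2, (P - 1) // 2  # P is a safe prime; G generates the subgroup of prime order Q

def keypair():
    x = secrets.randbelow(Q - 1) + 1  # private exponent in [1, Q-1]
    return x, pow(G, x, P)

def valid_public(y):
    # Reject 0, 1, P-1 and any value outside the prime-order subgroup.
    return 1 < y < P - 1 and pow(y, Q, P) == 1

def session_key(priv, peer_pub):
    if not valid_public(peer_pub):
        raise ValueError("bad DH public value")
    shared = pow(peer_pub, priv, P).to_bytes(128, "big")
    # Hash the shared secret into a fixed-size key instead of using it raw.
    return hashlib.sha256(b"dh-demo-key" + shared).digest()

def auth_tag(psk, key, first_pub, second_pub):
    # The authentication layer: a MAC under a pre-shared secret (hypothetical
    # stand-in for basic/GSS-API/SASL) over the exchange as this side saw it.
    msg = first_pub.to_bytes(128, "big") + second_pub.to_bytes(128, "big") + key
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run_session(psk, relayed=False):
    # Returns (client_key, server_key, authenticated).
    a, A = keypair()
    b, B = keypair()
    if relayed:
        # An intermediary substitutes its own public value in both directions:
        # each end still derives a working key, just not with the other end.
        _, M = keypair()
        client_peer = server_peer = M
    else:
        client_peer, server_peer = B, A
    ck, sk = session_key(a, client_peer), session_key(b, server_peer)
    tag = auth_tag(psk, ck, A, client_peer)       # client's view of the exchange
    expected = auth_tag(psk, sk, server_peer, B)  # server's view of the exchange
    return ck, sk, hmac.compare_digest(tag, expected)
```

Without `relayed` both ends agree on a key and the tags match; with it the anonymous exchange still "succeeds" at each end, and only the transcript-bound authenticator exposes the mismatch.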
