LISTSERV - HP3000-L Archives

HP3000-L Archives

September 1999, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L September 1999, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Telnet encryption
From:	Richard Gambrell <[log in to unmask]>
Reply To:	Richard Gambrell <[log in to unmask]>
Date:	Sat, 18 Sep 1999 10:01:30 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (64 lines)

Wirt Atmar wrote:
>
> A few days ago, Ted Ashton asked:
>
> > I got to wondering: Are you going to put anything like SSL into QCTerm?
...[snip details]
> This routine will not fool anybody at the NSA or the CIA for long, but
> you have compare it with what we currently have, which is nothing.
> Everything that's being transmitted over telnet or NS/VT at the moment
> is right out there in the clear, for anyone to read if they want to.
> This routine provides an encryption algorithm that is simple, relatively
> secure (quite secure to the casual hacker), and quick. More importantly
> yet, it's doable in a short period of time. Any other implementation
> is going to take years.
>
> Comments?
>
> Wirt Atmar

This got me thinking, while I suppose I support the goal of simple,
transparent secure communications, let's not panic anyone.  Telephone,
fax, Cell, two-way radio, snail mail, face-to-face, etc., communications
have been mostly in the clear for years.  How many businesses encrypt
their postal mail communications?  Why don't more businesses use
encryption now for pre-Internet communications?

Eavesdropping on a telnet sessions is easy like wiretapping is easy, only
its harder as we all move to a fully switched local networks.  To do it,
one must be in the right place at the right time with the right equipment.
There may be clever hacks that copy streams of data off of Internet
routers, just like someone can intercept business mail, but someone must
have wanted to listen.

By contrast, E-mail, like paper, seems to me to be a somewhat easier
target for copying, in that it sits around in a file for a while here and
for a while there.  The Internet needs a new generation of SMTP with
transparent encryption that at least keeps the casual system administrator
for noticing too much about the body of the message.  But instead, the
solutions being looked after seem to be end-to-end protection from the NSA
and with the bonus guarantee that the sender is who they say they are and
maybe the receiver is too.

Call me naive, but for the most part, it seems to me that nobody out there
much cares about the data passing by and encryption may often be just a
waste of time and energy.  It is the exceptions that need special
attention, not the routine - or else, the whole business world needs to
change habits of plain communications across the board (Internet and
pre-Internet media).

--
Richard L Gambrell
Database Administrator and
Consultant to Computing Services at UTC

** UTC business:
  University of Tennessee at Chattanooga
  113 Hunter Hall, Dept. 4454
  615 McCallie Ave., Chattanooga, TN 37403-2598
  fax: 423-755-4025
  phone: 423-755-4551       email: [log in to unmask]

** other business or private:
  voice mail/phone: 423-874-0261  email: [log in to unmask]

ATOM RSS1 RSS2

RAVEN.UTC.EDU