- From: Eric Murray <ericm@lne.com>
- Date: Tue, 4 Feb 1997 22:38:42 -0800 (PST)
- To: jaltman@columbia.edu
- Cc: ChristopherA@consensus.com, ietf-tls@w3.org
Jeffrey Altman writes: > > I have strong interest in adding TLS/SSL support for telnet, login, and > ftp. > > The reality is that you need to have separate ports unless we want to > force a major re-write of applications. I used to agree with that, but when I tried it I decided that actually it's not that bad. SSL-izing telnet and ftp took me about two days each, and most of that time was spent understanding the option negotiation. Of course that doesn't mean that it'll work for everything, but I'd be willing to bet that there isn't another protocol with an option negotiaiton that's sicker than telnets. :-) There's an internet draft on SSL inside ftp (i.e. negotiating use of SSL in an FTP connection) written by Paul Ford-Hutchinson Tim Hudson and myself: draft-murray-auth-ftp-ssl-00.txt. > Of course, the preference would be to have TLS/SSL be implemented in > the protocol stack and be transparent to the application whenever > possible. For real security you still need to provide the user some indication what CipherType was negotiated. Otherwise someone might connect at "40 bits" when their data needs more security that that. So it can't be 100% transparent. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Received on Wednesday, 5 February 1997 01:38:56 UTC