From owner-freebsd-chat Tue Dec 16 21:27:31 1997
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.7/8.8.7) id VAA10929 for chat-outgoing; Tue, 16 Dec 1997 21:27:31 -0800 (PST) (envelope-from owner-freebsd-chat@FreeBSD.ORG)
Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id VAA10922 for ; Tue, 16 Dec 1997 21:27:23 -0800 (PST) (envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id WAA05122; Tue, 16 Dec 1997 22:27:21 -0700 (MST) (envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id WAA11814; Tue, 16 Dec 1997 22:27:18 -0700
Date: Tue, 16 Dec 1997 22:27:18 -0700
Message-Id: <199712170527.WAA11814@mt.sri.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Charles Mott
Cc: Nate Williams, chat@FreeBSD.ORG, softweyr@xmission.com
Subject: Re: Support for secure http protocols
In-Reply-To:
References: <199712170414.VAA11573@mt.sri.com>
X-Mailer: VM 6.29 under 19.15 XEmacs Lucid
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > > Ssh and sshd are already universal in the unix world, and the Wintel
> > > variant (F-Secure) is reasonably priced.
> >
> > And doesn't have nearly the necessary features, is unstable, and due to
> > port forwarding is a *huge* security risk unless the system
> > administrator has set things up securely.
>
> Any secure server is a risk unless the administrator does his job. Even
> after that it is still a risk. Public key encryption is only as secure as
> the private keys.

Yes, but the default setup means that any machine you can connect to
allows you to do port forwarding to any machine that the server machine
can connect to. This feature is not widely understood/known about.

> What necessary features are missing?

The ability to have a connection to the HTTP server w/out requiring a
login account. The ability to use arbitrarily run commands 'rsh' style
simply and easily.

> How easy are they to add to the
> framework so that they can make ssh (or a derivative) useful?

Not easy, because of Win95's inherent limitations.

> > SSH is a *GREAT* solution for many things, but for secure HTTP stuff I
> > don't think it's a very good solution.
>
> I don't say use ssh for web commerce (yet), but if I had to set up a
> secure server (http, but maybe something else) for a limited clientele,
> then I personally would seriously consider an ssh solution.

But, that isn't necessarily what Wes was asking about. Yes, SSH works
as a great 'secure' connection so you can limit your clientele, but it
also means that it is a 'limited' solution that requires a lot of
maintenance on the server/client end, and is not for the faint of
heart. (We're using it locally, but it's non-trivial to set up and
maintain.)

> It works well
> and it encapsulates both the security and legal headaches.

Not legal, if your clients are not in the US. (ITAR obnoxiousness.)

Nate
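
The default-forwarding exposure described in the message above can be checked for mechanically. The following is an added example, not part of the original message: it audits an sshd_config for unrestricted client-requested (local) TCP forwarding, assuming current OpenSSH keyword names and defaults (`AllowTcpForwarding yes`, `PermitOpen any`) rather than the 1997 ssh the thread discusses. The sample configs, user name and host are constructed.

```python
# Added example: flag sshd_config scopes that allow unrestricted TCP forwarding.
# Assumption: current OpenSSH keyword names and built-in defaults.
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any"}

def parse_scopes(text):
    """Split a config into the global scope plus one scope per Match block."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scopes.append(("Match " + value, {}))
        elif key in DEFAULTS:
            scopes[-1][1].setdefault(key, value)  # sshd keeps the first value seen
    return scopes

def audit(text):
    """Return (scope, status, allowed_destinations) for each scope.

    Each Match block is evaluated on its own: block value, else global value,
    else the built-in default. Overlapping Match blocks are not combined.
    """
    scopes = parse_scopes(text)
    global_cfg = scopes[0][1]
    report = []
    for name, cfg in scopes:
        eff = {k: cfg.get(k, global_cfg.get(k, d)) for k, d in DEFAULTS.items()}
        mode, targets = eff["allowtcpforwarding"].lower(), eff["permitopen"]
        if mode not in ("yes", "all", "local") or targets.lower() == "none":
            report.append((name, "disabled", []))
        elif targets.lower() == "any":
            report.append((name, "unrestricted", ["any"]))
        else:
            report.append((name, "restricted", targets.split()))
    return report

# Constructed samples: the user name and host below are placeholders.
WEAK = "Port 22\nPermitRootLogin no\n"
HARDENED = """AllowTcpForwarding no
Match User webproxy
    AllowTcpForwarding local
    PermitOpen intranet.example.com:443
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```

The sshd_config(5) manual notes that disabling TCP forwarding does not improve security unless users are also denied shell access, since they can run their own forwarders.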