From owner-freebsd-security Thu Mar 25 2:10:44 1999 Delivered-To: freebsd-security@freebsd.org Received: from blubb.pdc.kth.se (blubb.pdc.kth.se [193.10.159.47]) by hub.freebsd.org (Postfix) with SMTP id A078215019 for ; Thu, 25 Mar 1999 02:10:40 -0800 (PST) (envelope-from joda@pdc.kth.se) Received: from joda by blubb.pdc.kth.se with local (Exim 1.71 #3) id 10Q72X-0005m9-00; Thu, 25 Mar 1999 11:07:05 +0100 To: Matthew Dillon Cc: Mike Thompson , Gary Gaskell , freebsd-security@FreeBSD.ORG Subject: Re: Kerberos vs SSH References: <199903250426.UAA68023@apollo.backplane.com> <4.1.19990324234311.00a0eba0@mail.dnai.com> <199903250905.BAA95946@apollo.backplane.com> X-Emacs: 19.34 Mime-Version: 1.0 (generated by SEMI MIME-Edit 0.77) Content-Type: text/plain; charset=US-ASCII From: joda@pdc.kth.se (Johan Danielsson) Date: 25 Mar 1999 11:07:04 +0100 In-Reply-To: Matthew Dillon's message of "Thu, 25 Mar 1999 01:05:58 -0800 (PST)" Message-ID: Lines: 20 X-Mailer: Gnus v5.6.45/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Matthew Dillon writes: > The one problem with this is that kerberos defaults to disabling > encryption ... you have to explicitly enable it. Don't day that `kerberos' defaults to disabling encryption. Kerberos is a protocol to authenticate users, and as such it always uses encryption. Kerberos *applications* can choose to use or not use encryption, but to say that all of them, and all implementation of them, doesn't by default is unfair. Most applications that doesn't encrypt has a good reason not to, like being originally written in an era where computers were slow enough to make encrypted telnet sessions painful. Which isn't an excuse for not doing encryption, but an explanation. /Johan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message