From owner-freebsd-security  Sun Feb 26 21:48:40 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id VAA29902 for security-outgoing; Sun, 26 Feb 1995 21:48:40 -0800
Received: from precipice.Shockwave.COM (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id VAA29895; Sun, 26 Feb 1995 21:48:37 -0800
Received: from localhost (localhost [127.0.0.1]) by precipice.Shockwave.COM (8.6.10/8.6.9) with SMTP id VAA02143; Sun, 26 Feb 1995 21:47:20 -0800
Message-Id: <199502270547.VAA02143@precipice.Shockwave.COM>
To: "Jordan K. Hubbard" <jkh@freefall.cdrom.com>
cc: hackers@freefall.cdrom.com, security@freefall.cdrom.com
Subject: Re: key exchange for rlogin/telnet services? 
In-reply-to: Your message of "Sun, 26 Feb 1995 11:13:06 PST."
             <199502261913.LAA29658@freefall.cdrom.com> 
Date: Sun, 26 Feb 1995 21:47:20 -0800
From: Paul Traina <pst@Shockwave.COM>
Sender: security-owner@FreeBSD.org
Precedence: bulk

Yes, it's well known,  (take this with 3 grains of salt, I am not an
expert in D-H) but the base technology requires use of RSA which is
patented and said patents are enforced stringently.

That's why we use S/Key.

  From: "Jordan K. Hubbard" <jkh@freefall.cdrom.com>
  Subject: key exchange for rlogin/telnet services?
  You know the problem.  You're sitting down at USENIX or your friend Bob's
  in Minnesota or some other gawdforsaken place and you have no way of knowing
  whether or not that password you just typed to log in to freefall was just
  sniffed by the entire undergraduate class of the local university (or their
  bored ISP).  You can't set up a kerberos realm with everyone, so what you'd
  really just like to do is ensure that the endpoints are reasonably secure
  and encrypt everything going in between.  A friend recerntly suggested a
  method for which my knowledge of the spelling may be incomplete, but
  I'll try: "Diffie-Hellman key exchange."  Apparently you start out with
  a key pair on each end and then each raise eacy to the power of the other's
  public half and used the information derived to secure the link.
  
  Do any of you security weenies out there know what I'm talking about?
  Am I making any sense?  Should I be locked up by the NSA for even suggesting
  this?
  
  					Jordan