From owner-freebsd-current  Sun Jun 25 13:19:18 1995
Return-Path: current-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id NAA05957
          for current-outgoing; Sun, 25 Jun 1995 13:19:18 -0700
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id NAA05949
          for <current@freebsd.org>; Sun, 25 Jun 1995 13:19:14 -0700
Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA17301; Sun, 25 Jun 1995 16:18:54 -0400
Date: Sun, 25 Jun 1995 16:18:54 -0400
From: Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu>
Message-Id: <9506252018.AA17301@halloran-eldar.lcs.mit.edu>
To: Mark Murray <mark@grondar.za>
Cc: current@freebsd.org
Subject: Re: Crypt code summary(2). 
In-Reply-To: <199506252003.WAA08724@grumble.grondar.za>
References: <199506252003.WAA08724@grumble.grondar.za>
Sender: current-owner@freebsd.org
Precedence: bulk

<<On Sun, 25 Jun 1995 22:03:21 +0200, Mark Murray <mark@grondar.za> said:

> You guys want to hear something frightening? Eric Young (the `eay' in
> SSLeay) has a friend who will make SATAN look stupid. He has, and is
> going to release code that will snoop passwords out of new telnet and
> FTP sessions.

Lots of people have such programs.  There are probably several dozen
running on various insecure machines throughout MITnet right now.  The
usual answer is Kerberized rlogin/telnet or S/Key; in our group we use
both (and I've been tasked to find or create a working S/Key
implementation for our Alphas under four different versions of OSF/1).

> The purpose is to force the use of this (or any
> equivalent technology). _They_ would prefer this to be SSLeay.

/I/ would prefer it to be the Internet Authentication and
Encapsulating Security payloads myself.  If I ever have free time
again I may write support myself (although I'd prefer to have somebody
else's code).

> Well? Are we going to have something we can unleash in retaliation?
> Given SSLeay's licence "free for non-commercial _and_ commercial use as
> as long as attribution is given", I reckon we would be very foolish not
> to.

It seems like a fine application of the `ports' facility.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant