From owner-freebsd-hackers  Thu Feb  5 21:50:15 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA04543
          for hackers-outgoing; Thu, 5 Feb 1998 21:50:15 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from smtp01.primenet.com (smtp01.primenet.com [206.165.6.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA04538
          for <hackers@FreeBSD.ORG>; Thu, 5 Feb 1998 21:50:12 -0800 (PST)
          (envelope-from tlambert@usr06.primenet.com)
Received: (from daemon@localhost)
	by smtp01.primenet.com (8.8.8/8.8.8) id WAA27757;
	Thu, 5 Feb 1998 22:50:11 -0700 (MST)
Received: from usr06.primenet.com(206.165.6.206)
 via SMTP by smtp01.primenet.com, id smtpd027699; Thu Feb  5 22:50:01 1998
Received: (from tlambert@localhost)
	by usr06.primenet.com (8.8.5/8.8.5) id WAA03253;
	Thu, 5 Feb 1998 22:49:58 -0700 (MST)
From: Terry Lambert <tlambert@primenet.com>
Message-Id: <199802060549.WAA03253@usr06.primenet.com>
Subject: Re: WebAdmin
To: andrew@squiz.co.nz (Andrew McNaughton)
Date: Fri, 6 Feb 1998 05:49:58 +0000 (GMT)
Cc: hackers@FreeBSD.ORG
In-Reply-To: <v02120d00b0ff5030c15f@[203.96.56.128]> from "Andrew McNaughton" at Feb 6, 98 05:39:05 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe hackers"

> There are of course still authentication issues which must be dealt with on
> every request.  SSL or similar would be required in order to safeguard
> passwords.  Storing the IP associated with requests helps to avoid hijack,
> but is open to spoofing attacks from anyone able to intercept packets
> containing the session ID.

SSL can not be in by default because of ITAR restrictions.  BSD crypto
is done outside the US, mostly so that non-American programmers become
better at crypto than American programmers so foreign powers can conduct
espionage with impunity because we can't break their crypto.  Er, I
mean so that we can keep these dangerous munitions from falling into
the wrong hands, since an evildoer would never violate US export
regulations in the course of engaging in terrorist activity, because
terrorists have a social conscience.  Er, because we are stupid.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.