Message-ID: <3C6C7B86.DB94396E@mindspring.com>
Date: Thu, 14 Feb 2002 19:07:50 -0800
From: Terry Lambert
To: "f.johan.beisser"
Cc: j mckitrick, freebsd-chat@FreeBSD.ORG
Subject: Re: How do basic OS principles continue to improve?

"f.johan.beisser" wrote:
> > I think the primary motivation for them dragging their
> > feet has been a "you scratch our back, we'll scratch
> > yours" between them and the U.S. Government, which, for
> > the most part, would just as soon not have a network
> > infrastructure with strong cryptography built in.
> >
> > In fact, if we look at the "technology preview", and
> > compare it with what actually ended up released with
> > the IPv4 IPSEC code, and then, later, with Windows XP,
> > we see that authentication and nonrepudiation made it,
> > but end-to-end encryption of content did not, and that
> > there is still widespread dependence on SSL, instead.
>
> this may be due to the already widespread existence of SSL, vs any real
> conspiracy between the US government and MS. remember that MS tends to be
> lazy about their systems and protocols, and as an extension of this they
> may have simply viewed it as "unnecessary work" in implementing it. on
> the other hand, the use of auth/rep parts of IPSec allows MS to say "look,
> no one can fake packets from your machine. see how we've improved your
> personal safety on the internet?"

There's no real reason that they would have actually done
real work to rip out code that was in the technology preview,
for the release, is there? It's *more* work to take it out.

Your argument might hold water, if they simply hadn't ever
put the code in in the first place.

> > We also see that, even where SSL is used, it's mostly
> > used for protection of plaintext passwords on form
> > submits for HTTP based session establishment, but
> > that the content thereafter is not encrypted. This is
> > definitely true of HotMail and of Yahoo. In fact, we
> > see that Yahoo defaults to non-encrypted authentication,
> > as well, and you have to go out of your way to request
> > it.
>
> odd. once again, i see a niche service for a pseudo-anonymous private
> email system. web mail, IPSec/FreeSWAN and potentially encrypted mail
> transactions (with the option of pgp) would be handy. someone's probably
> done this already.

The issue is the SSL overhead, which is much less of an
issue in an IPSEC world than it is in an SSL world.

> > I really disagree with this rationale; please see "The
> > Innovator's Dilemma", referenced in my other post with
> > full bibliographic information.
>
> will do. can you give me a date span to search?

Today, posting immediately prior to the one to which you
were replying.

> > > with the release of XP, though, MS has also given out broad range of
> > > potential v6 users (this is what i've been given to understand, i've not
> > > had the motivation or spare hardware to check this out and verify it).
> >
> > I have XP on a machine I bought for $300 at Fry's the
> > other day to install FreeBSD on (in fact, this was the
> > genesis of my diatribe about installation and partitioning
> > tools in FreeBSD last month); Windows XP does *not* come
> > with IPv6 support integrated into it, at least as far as
> > the networking "control panels" are able to discover. 8-(.
>
> what version of XP?

The version that comes on new computers as of 2 weeks ago;
according to the CDROM mask, it's "version 2002".

> i guess this means i have to install and check anyway. it would not
> surprise me if they had everything command line as they did with win2k's
> v6 extension.

The Windows 98 that I have the technology preview installed
on has a protocol binding for IPv6 in the control panel, and
a tabbed dialog for configuring it under "properties".

I would be really surprised if the only way to access it were
via the command line; one would at least expect to see it in
the drivers or in the WinICE Windows kernel debugger I have
loaded on the XP machine, along with the SDKs and DDKs for
Windows XP for Visual Studio.

-- Terry