From owner-freebsd-current Tue Aug 20 23:26:39 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA01274 for current-outgoing; Tue, 20 Aug 1996 23:26:39 -0700 (PDT) Received: from grumble.grondar.za (root@grumble.grondar.za [196.7.18.130]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA01265 for ; Tue, 20 Aug 1996 23:26:31 -0700 (PDT) Received: from grumble.grondar.za (mark@localhost.grondar.za [127.0.0.1]) by grumble.grondar.za (8.7.5/8.7.3) with ESMTP id IAA28028; Wed, 21 Aug 1996 08:25:22 +0200 (SAT) Message-Id: <199608210625.IAA28028@grumble.grondar.za> To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (Andrey A. Chernov) cc: mark@grondar.za (Mark Murray), current@FreeBSD.org Subject: Re: Secure telnet duplicating: secure & eBones both... Date: Wed, 21 Aug 1996 08:25:21 +0200 From: Mark Murray Sender: owner-current@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= wrote: > > Right now there is RSA and SPX, Neither of which work and neither of > > which are particularly standard (I speak under correction) as telnet > > authenticators/encryptors. > > I am aware that only Kerberos part is working now. > But, > > 1) What we plan to do when other parts will works in future > versions, move it back? > (it was my question from my first message, unanswered) No. Leave it where it is. There is no point in having three Telnets 1) insecure, 2) secure, no kerberos 3) secure, with kerberos. > 2) It can be build without Kerberos, encryption parts not > active in this case. But at least encryption protocol > negotiation still works. Are you sure? I am not. (Unless you are talking about the WILL/WONT bits) > And yet one my question, unanswered in all messages: > what are the reasons to move it? > As I guess, your logic is: if only Kerberos part works, > move it to eBones. In this case see my (1). Have a good look at how our telnet has been used since 2.0 came out. Our Telnet, although currently in the secure/ source area is actually part of the kerberos binary distribution, and has been that way for a year. That happened when a SNAP was being built, and folks got screwed by loading the secure distribution ang getting a kerberised telnet with no kerberos shared libraries. > I.e. I see _no_ harm leaving it in secure and see I see much harm in having three versions. This is difficult enough to maintain as two versions, let alone three. Even if it did stay as two source versions, how on earth do do propose to build the three varieties I mentioned above? > (1) harm to moving it to eBones. Come on Andrey, Instead of complaining about this, please come up with another proposal - somthing that carries a little more weight than broken and nonexistant code. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 Finger mark@grondar.za for PGP key