Subject: Re: patch to add rfc2228 support to ftpd
To: Johan Danielsson <joda@pdc.kth.se>
From: Tomas Svensson <tsn@gbdev.net>
List: tech-userlevel
Date: 03/26/2002 21:22:35

Tuesday, March 26, 2002, 4:02:45 PM, you wrote:

JD> Tomas Svensson <tsn@gbdev.net> writes:

>> I think it adds a lot of kerberized obfuscation that may not be
>> needed for other security methods.

JD> What do you mean by that?

Too much stuff taken from crypto/dist/heimdal/appl/ftp/ftpd and it
assumes that every security method works like it, but 2228 doesn't
require authentication nor data transport to be like that.

>> It also assumes that the data is always encrypted by a function then
>> sent with write() which isn't the case with TLS.

JD> Doesn't TLS use out-of-band encryption, and so can't ever be made to
JD> work with RFC2228?

What do you mean? It could do "AUTH SMOKE", send smoke signals and
still be RFC2228-compliant...

-Tomas