Subject: Re: FreSSH
To: NetBSD-current Discussion List <current-users@netbsd.org>
From: Charles Shannon Hendrix <shannon@widomaker.com>
List: current-users
Date: 03/09/2002 19:00:22
On Sat, Mar 09, 2002 at 11:58:46PM +0100, Emiel Kollof wrote:
> * Charles Shannon Hendrix (shannon@widomaker.com) wrote:
> >
> > I don't care if my vi edits and the guts of my tar files are visible
> > on the net.
>
> Excuse me, but what about the mail you open with mutt, or your pgp
> passphrase then? If only the passwd is encrypted, all those other things
> are cleartext. Sorry, not good enough.
You are excused.
Use encryption for the data in those cases you cite.
But consider something like staging files to a web server. The
information is going to be public anyway, so why encrypt it? If I
transfer files from a remote machine to my machine at home and it's
something like the sources for NetBSD, why encrypt it? It's public
information!
In cases like that, you only need your login information encrypted,
the rest simply doesn't matter.
On an internal network, authentication is often the only piece desired.
It gets around the security holes in rsh-type mechanisms, and avoids
problems like IP spoofing, etc. But the data itself is often wide open
anyway, so you don't need to encrypt it.
Note that I'm not talking about removing encryption from the ssh
software, which seems to be what people think I said.
--
UNIX/Perl/C/Pizza__________________________________shannon@widomaker.com