Subject: Re: Any point to cvs using rsh? (was Re: Anoncvs pointer)
To: Wolfgang Rupprecht <>
From: Gary Thorpe <>
List: current-users
Date: 12/13/2002 15:16:05
 --- Wolfgang Rupprecht <> wrote:
> (Greg A. Woods) writes:
> > [ On Friday, December 13, 2002 at 15:10:10 (+0000), Matthias
> Scheler wrote: ]
> > > Because you want to make sure that you get your new sources from
> the
> > > real NetBSD anonymous CVS server and not some other server. SSH's
> > > host key management system will take care of that.
> > 
> > and so then you'll be getting rid of the FTP server too, right? 
> :-)
> Or perhaps just limiting it to IPSEC AH with public keys?
> I haven't seen much public use of IPSEC.  Perhaps using it on source
> repositories is just the application that can spur a bit of interest
> in it.  (It might also be a good way to test racoon or isakmpd and
> shake it down in an environment.)
> -wolfgang
> -- 
> Wolfgang Rupprecht
> spider food:
> (NOTE: The email address above is valid.  Edit it at your own peril.)

Thats kind of what I was asking...since things like anonymous ftp and
anonymous cvs may not necessarily require data encryption but NEED
protection against host spoofing/session hijacking (almost all TCP
services?), would something like IPSEC be appropriate? Would it require
less resources to implement, or is it the same effect as SSH just moved
lower down the protocol stack? Is there a way to ensure the computer
you are talking to is actually the one you want to talk to without
encrypting the data stream itself?

Post your free ad now!